We’ve seen different ways of how hackers gain control of an ATM to steal money in the past, but Symantec’s blog post reports of a recent method to make ATMs dispense cash and it just involves a text message. They added that one of the main reasons ATMs are easily hacked is because of the use of an outdated Microsoft XP.
According to the post, there’s a 3-step process before the ATM starts spewing cash:
First is when hackers install a Trojan virus called Backdoor.Ploutus.B (referred to simply as Ploutus) unto the computer of the ATM via USB tethering.
When a full two-way connectivity is established, specific SMS command messages from a second phone far away are then sent to the tethered phone. The phone receives the message with the required format and converts it into a network packet, then forwards it to the ATM’s computer through the USB cable.
The embedded Ploutus in the computer starts up and basically commands the ATM to begin dispensing cash, just about the same time an accomplice goes to the ATM to ‘withdraw’ money.
Symantec pointed out a couple of factors that could make ATMs vulnerable to these attacks and one of the main reasons is the present use of an outdated Windows XP. They advised the owners to upgrade to the latest operating system not just for features, but also for security.
To go into the detailed process of how the whole operation is done, head over to Symantec’s blog on the source link.