Windows XP flaw: ATMs Being Hacked By Just An SMS

We already know that Microsoft's support for Windows XP ended on 8th April of this year; apparently 95% of the world's 3 million ATM machines are running on it. Microsoft's decision to withdraw support for Windows XP poses a critical security threat to the economic infrastructure worldwide.
Security researchers at the antivirus firm Symantec claimed that hackers can exploit a weakness in Windows XP based ATMs that allows them to withdraw cash simply by sending an SMS to compromised ATMs.

"What was interesting about this variant of Ploutus was that it allowed cybercriminals to simply send an SMS to the compromised ATM, then walk up and collect the dispensed cash. It may seem incredible, but this technique is being used in a number of places across the world at this time," the researchers said.

According to the researchers, in 2013 they detected malware named Backdoor.Ploutus installed on ATMs in Mexico, designed to rob a certain type of standalone ATM with just text messages.
To install the malware on an ATM, the hacker must connect the ATM to a mobile phone via USB tethering and then initiate a shared Internet connection, which can then be used to send specific SMS commands to the phone attached or hardwired inside the ATM.

Since the phone is connected to the ATM
through the USB port, the phone also draws
power from the connection, which charges the
phone battery. As a result, the phone will
remain powered up indefinitely.

How can this be achieved? 

  • Connect a mobile phone to the machine with a USB cable and install the Ploutus malware.
  • The attacker sends two SMS messages to the mobile phone inside the ATM: SMS 1 contains a valid activation ID to activate the malware; SMS 2 contains a valid dispense command to get the money out.
  • The mobile phone attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
  • The network packet monitor (NPM) module coded into the malware receives the TCP/UDP packet and, if it contains a valid command, executes Ploutus. The amount for cash withdrawal is pre-configured inside the malware.
  • Finally, the hacker can collect cash from the hacked ATM machine.
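The chain above leaves a host-side footprint a defender can look for: a USB network-class device (phone tethering) attaches to the ATM, a new interface comes up, and then an inbound TCP or UDP packet arrives on that interface for a local process. The following correlation routine is an added example, not code from the article or from Symantec; the telemetry format, field names, interface names and port numbers are constructed assumptions for illustration.

```python
# Added example (not from the article or Symantec): correlate host telemetry for
# the Ploutus control channel: a USB network-class device (phone tethering)
# attaches, a new interface comes up, then an inbound TCP/UDP packet arrives on
# that interface for a local process. Event format, field names, interface
# names and ports are constructed assumptions for illustration.

USB_NETWORK_CLASS = "usb-network"  # assumed label for tethering/RNDIS devices
WINDOW_SECONDS = 600               # assumed correlation window between steps


def detect_tethered_control_channel(events):
    """Return one alert string per inbound packet that completes the chain."""
    alerts = []
    usb_attach_ts = None   # time the most recent USB network device attached
    tethered_ifaces = {}   # iface name -> time it came up after that attach
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "usb_attach" and ev["class"] == USB_NETWORK_CLASS:
            usb_attach_ts = ev["ts"]
        elif (ev["type"] == "iface_up" and usb_attach_ts is not None
              and ev["ts"] - usb_attach_ts <= WINDOW_SECONDS):
            tethered_ifaces[ev["iface"]] = ev["ts"]
        elif (ev["type"] == "inbound_packet"
              and ev["proto"] in ("tcp", "udp")
              and ev["iface"] in tethered_ifaces
              and ev["ts"] - tethered_ifaces[ev["iface"]] <= WINDOW_SECONDS):
            alerts.append(
                f"{ev['host']}: inbound {ev['proto']} to local port "
                f"{ev['dst_port']} via USB-tethered interface {ev['iface']} "
                f"(device attached at t={usb_attach_ts})")
    return alerts


# Constructed sample telemetry from one ATM host. Only the usb0 packet should
# alert: the keyboard attach and the regular LAN traffic are normal.
SAMPLE_EVENTS = [
    {"ts": 0, "host": "atm-01", "type": "usb_attach", "class": "usb-hid"},
    {"ts": 5, "host": "atm-01", "type": "inbound_packet", "iface": "lan0",
     "proto": "tcp", "dst_port": 443},
    {"ts": 100, "host": "atm-01", "type": "usb_attach", "class": "usb-network"},
    {"ts": 103, "host": "atm-01", "type": "iface_up", "iface": "usb0"},
    {"ts": 250, "host": "atm-01", "type": "inbound_packet", "iface": "usb0",
     "proto": "udp", "dst_port": 9999},
    {"ts": 260, "host": "atm-01", "type": "inbound_packet", "iface": "lan0",
     "proto": "tcp", "dst_port": 443},
]

if __name__ == "__main__":
    for line in detect_tethered_control_channel(SAMPLE_EVENTS):
        print("ALERT", line)
```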

Researchers have detected a few more advanced variants of this malware; some attempt to steal customer card and PIN data, while others attempt man-in-the-middle attacks.
This malware is now spreading to other countries, so you are recommended to pay extra attention and remain cautious while using an ATM.
