Critical Vulnerability Discovered in Russia’s Most Popular ATMs

The most widely used ATMs in Russia, manufactured by the American company NCR, have been found to contain a serious security vulnerability. Although the vendor addressed the issue fairly quickly, many Russian banks have still not received the necessary updates.

The security problem was resolved about six months ago. Researchers from Positive Technologies publicly disclosed the vulnerability at the Black Hat conference.

How the Vulnerability Works

According to experts, an attacker can install outdated—and therefore vulnerable—software on the dispenser controller. The dispenser is the component responsible for dispensing cash.

Fortunately, a criminal would need physical access to the targeted device, as exploiting the vulnerability requires connecting a single-board computer to the dispenser to send a command to withdraw cash.

The root cause of the vulnerability is improper memory write protection.

Risks for Russian Banks

Specialists note that NCR ATMs are the most common in Russia. Given the seriousness of this vulnerability, financial institutions should carefully consider the associated risks.

The problem is made worse by the need to manually install the patch on every ATM, which is a significant undertaking.

Vendor Response and Legal Implications

NCR, the ATM manufacturer, actively cooperated with the experts who discovered the vulnerability, which allowed for a quick fix. However, due to the complexity of the update process and the challenge of delivering it to all affected devices, victims of successful attacks exploiting this vulnerability may file claims against NCR for financial damages.

However, in such cases, the reputation of the bank that was hacked could also suffer.