According to a report by Wired magazine, IOActive security researcher Josep Rodriguez warns that many NFC readers used in modern ATMs and POS systems have vulnerabilities that leave the machines open to attack.
A video shared by Wired shows Rodriguez making an ATM in Madrid display error messages simply by waving his smartphone near the NFC reader, after which the machine stopped responding to actual credit cards placed on the reader.
This means that Rodriguez could exploit any potential vulnerabilities in the machine just by waving his smartphone in front of the NFC reader.
These vulnerabilities could lead to attacks from nearby NFC devices, ransomware attacks that lock the machine, or even hackers extracting certain credit card data. Rodriguez also warned that these vulnerabilities could be used for “jackpotting” attacks to trick the machine into dispensing cash. However, such attacks are only likely to succeed when paired with the exploitation of other vulnerabilities.
Rodriguez’s research highlights two issues with these systems:
1. Many NFC readers are vulnerable to relatively simple attacks. In some cases, the readers do not verify how much data they receive, which means attackers can overwhelm the system with excessive data, leading to memory corruption as part of a “buffer overflow” attack.
2. ATM manufacturers are slow to apply patches to machines. Typically, physical access to the machines is required to apply updates, and many machines do not receive security patches regularly. For example, one company stated that although a patch was applied to specific models in 2018, researchers were still able to verify the attack in a restaurant in 2020, demonstrating that security updates were not effectively implemented.
As we strive to use more features in smaller embedded systems, their security is often overlooked, making the maintenance of embedded system security a significant challenge we currently face.
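The first issue above, a reader that does not verify how much data it receives, comes down to a missing length check before a copy into a fixed buffer. The following is an added example, not code from the article, from Rodriguez's research or from any vendor's firmware; the frame layout (tag byte, length byte, value), the 32-byte `FIELD_CAP` and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 32   /* hypothetical fixed buffer inside reader firmware */

/* Unchecked pattern, shown for contrast only: the length byte comes from
 * the card or phone, so a declared length above FIELD_CAP writes past
 * the destination buffer. */
void parse_field_unchecked(const uint8_t *frame, uint8_t *dst)
{
    memcpy(dst, frame + 2, frame[1]);
}

/* Hardened form: returns the number of bytes copied, or -1 if rejected. */
int parse_field_checked(const uint8_t *frame, size_t frame_len, uint8_t *dst)
{
    if (frame == NULL || dst == NULL || frame_len < 2)
        return -1;                 /* no room for tag + length */
    size_t declared = frame[1];
    if (declared > frame_len - 2)
        return -1;                 /* claims more than was received */
    if (declared > FIELD_CAP)
        return -1;                 /* would overflow the destination */
    memcpy(dst, frame + 2, declared);
    return (int)declared;
}

/* Constructed sample frames (not captured traffic). */
const uint8_t frame_ok[]               = {0x50, 0x04, 'V', 'I', 'S', 'A'};
const uint8_t frame_truncated[]        = {0x50, 0x10, 0x01}; /* claims 16, carries 1 */
const uint8_t frame_oversized[2 + 200] = {0x50, 200};        /* claims 200 > FIELD_CAP */
uint8_t out_field[FIELD_CAP];

int main(void)
{
    printf("ok:        %d\n",
           parse_field_checked(frame_ok, sizeof frame_ok, out_field));
    printf("truncated: %d\n",
           parse_field_checked(frame_truncated, sizeof frame_truncated, out_field));
    printf("oversized: %d\n",
           parse_field_checked(frame_oversized, sizeof frame_oversized, out_field));
    return 0;
}
```

Rejecting the frame outright, rather than truncating it to fit, keeps malformed input from reaching later parsing stages.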
