Remote ATM Attack Uses SMS To Dispense Cash 150
judgecorp (778838) writes "A newly discovered malware attack uses a smartphone connected to the computer that manages an ATM, and then sends an SMS message to instruct it to dispense cash. The attack was reported by Symantec, and builds on a previous piece of malware called Backdoor.Ploutus. It is being used in actual attacks, and Symantec has demonstrated it with an ATM in its labs, though it is not revealing the brand of the vulnerable machines."
Asleep at the wheel. (Score:5, Insightful)
Really? This stuff isn't being done to begin with?
Physical access? (Score:5, Insightful)
So, this method requires quite a bit of physical access to the ATM. You have to attach a phone (why smartphone, by the way?) to the actual ATM controller.
In my opinion this begs a whole set of other security questions first....
USB port? (Score:2, Insightful)
How does anyone access the USB port of the computer that controls the ATM, without breaching enough physical security that they might as well just grab the money? Sounds like this could only work if an insider at the bank in question smuggles in a phone and hooks it to the computer. You can't just pull up to an ATM and do this.
Re:Physical Access = owned (Score:5, Insightful)
or you could cut the ATM open at the point where the cashbox is installed
to say this attack is "just not interesting" is an understatement
Re:Physical access? (Score:5, Insightful)
Re:Diebold (Score:2, Insightful)
Switching to Linux wouldn't solve their physical security issue.