Turns Out Diebold's ATMs Insecure As Well; Scammers Install Malware
from the what-a-surprise dept
Diebold is pretty well known for being in two separate, though similar, businesses: ATMs and e-voting machines. Its e-voting machines have always had a terrible reputation, with security flaws and bugs galore (the company recently has tried to hide from all the negative publicity by renaming the e-voting division as Premier Election Solutions). However, many people kept asking how the company could get so many things so wrong when it came to e-voting, but still get its ATMs working properly. Of course, as has been noted in the past, the way ATMs work is quite different, and mistakes are likely to be spotted quickly.
However, it’s now coming out that Diebold’s ATMs also have security problems. Slashdot alerts us to the news that Diebold has issued a patch after discovering that some scammers have been able to install “card sniffing” software on a variety of Diebold ATMs allowing the scammers to get all your card details. Is that Premier Banking Solutions I hear knocking?
Comments on “Turns Out Diebold's ATMs Insecure As Well; Scammers Install Malware”
It’s really quite scary how many ATMs run Windows. Diebold certainly isn’t alone in doing so, but being part of the herd is no excuse.
You’d think this outfit would wake up and wise up after all their troubles. They’d have been far ahead to hire someone with a Linux background to write some decent software for them.
Not fit for purpose
Never mind trying to fix what they’ve got, how they’re actually still in business is a mystery. Surely regulatory, never mind economic, pressures would have an effect?
Linux?
If you have physical access to the boxes, as these people did, it doesn’t matter *what* OS you have. This is not a software issue, it is a combination of hardware and wetware.
Re: Linux?
At least one reader on here isn’t a complete dumbass jumping on the “Diebold Sucks” bandwagon. 90% of these idiots didn’t even know Diebold made ATMs.
Re: Linux?
If I lock the BIOS of my machine, as well as the recovery terminal, and start not as root, damn good luck changing anything without the root password… Naturally, the disk must be encrypted as well – but with all those, either the encryption of the password must be cracked to change things. That’s way beyond the ability of typical criminals…
DieBold
I worked on Diebold ATM’s for over 8 years for A VERY large National Bank. The DieBolds would hardly ever balance. We had 20 year old IBM ATM that would always balance NCR ATM that not onle always balanced nut only needed maintenance about once a quarter. Brand new Diebolds needed daily maintenance. The Bank eventually replaced all the IBM’s and NCR’s with DieBolds. Why….. The company is crooked and bribes to fellow exec’s go a long way.
Know your DieBold voting machines will never be safe or accurate. But Officials will continue to buy them… and get rich!
Awaiting list of banks that bought these
I would love to see a list of banks that use these on wikileaks, wouldn’t you?
The whole story
The thieves had physical access to the machines. Why is that not mentioned in your “down with Diebold” article?
Wouldn’t the ability to author malware for an ATM hinge on the authors having access to the OS running on the machine? If so, how the heck are they getting their hands on that? I mean, clearly this is not just Windows code, this is sophisticated thievery going on here.
If they didn't have issues...then why did they develop this?
http://www.news.diebold.com/article_display.cfm?article_id=5014