Crooks Don't Need A Fancy Skimmer: They Can Just Tap An ATM's Network Cable

Crooks Don't Need a Fancy Skimmer: They Can Just Tap an ATM's Network Cable

Not all ATM attacks need an elaborate skimmer. There's a new kind of crime doing the rounds, which involves hijacking the ethernet cable of an ATM to gather your card information. Krebs on Security reports that NCR — the technology company that makes many of the pay-points and ATMs throughout the US — has issued a warning about the new kind of attack. It uses a device that's plugged into the machine's network cable to harvest your card details, while a PIN can be captured using a separate camera or keypad overlay. Such hardware has already been used to successfully attack NCR and Diebold ATMs, according to Krebs.

As you can see from the image, the attack's been levelled at a standalone ATM, where access to the network cables is fairly straightforward. Cash machines built into the wall would, obviously, prove far harder to attack in this way.

The news adds yet another thing to look out for at ATMs. If you see anything suspicious on a network connection — let alone the card slot or keypad — don't bother using the machine.

[Krebs on Security]


Comments

    If the ATMs are PCI DSS compliant then nothing should be transmitted unencrypted down the cable,.

      exactly my thoughts!
      There are A LOT of third party ATM providers out there though. I wonder what the law or over site there is on this sort of thing. Do you have to meet compliance? Or is it more like online stores being able to accept payments without any sort of compliance to adhere to or anyone to enforce it ,etc.

    Didn't we solve this attack many years ago with SSL/TLS?

Join the discussion!

Trending Stories Right Now