WTF!
"Thieves insert a custom EMV card into ATMs which sets up the machines ..."
Who thought it was a good idea to make this functionality possible? Everything you do can be stripped and analysed and reverse engineered, then taken advantage of.
Researchers at security firm FireEye may have found the malware responsible for plundering ATMs across Thailand and other parts of South East Asia. The security boffins reckon the Ripper malware is "strongly" linked to the plundering last week of ATMs in Thailand in which 12 million Thai baht (US$346,992, £265,308, A$458,432) …
Minimal attack surfaces and YAGNI sadly absent from most designs. Shades of the Larson cartoon of castaways in an inflatable lifeboat lifting in a box of "ACME broken glass and sharp metal bits" because "well, it might come in useful".
That struck me as well, but on reading the article, ElReg is wrong: the EMV card is not the infection vector as they mistakenly wrote. It's only the authentication mechanism.
From the original:
"RIPPER interacts with the ATM by inserting a specially manufactured ATM card with an EMV chip that serves as the authentication mechanism. Although this technique was already used by the Skimmer family, it is an uncommon mechanism."
EMV cards do not have the ability to contain the amount of data needed for an infection, let alone to automatically install software on the host.
In fact, the original article does not explain how the ATMs are infected, but the choice of a country with a less-than-stable society could imply some insider help.
If only it was the only bug in ATM machines in Thailand...
For some months, it has been advertised that ATMs will be using the chip on cards and not the magnetic strip... Since it was announced, some of the ATMs at my bank stopped working at all with any card that has a chip on it. I complained a couple of times, to no avail.
One evening, I found the top part (computer part) of one ATM open, with no operator around. It was enough to push it to lock, but I also complained to the central bank.
So malware? Just another day at work.
Want to know about the internals of an ATM? Work in a pub which has one. The cash is (should be) removed each night and placed into a safe therefore reducing the attractiveness of the machine as a target for theft. From memory, the whole of the case opens up so you can see/access all parts rather than just the area where the cash is stored.
Security starts with physical security...
Prize for Mr/Mrs Obvious.
Now if ATMs ran on ARM/Linux combinations, guess what platform the Malware would only infect?
Trust me, get rid of Windows today, replace every single PC and server in the world with Linux, and see how long it is before Linux dies under the Malware crush.
I mean, criminals are not going to stop just because the OS changed...