Tuesday, August 24, 2010

ATM Makers Release Fixes for 'Jackpotting' Flaw

Via Threatpost.com -

Two ATM manufacturers have released software updates to address the remotely exploitable vulnerabilities in their machines' firmware that IOActive researcher Barnaby Jack demonstrated live on stage at the Black Hat conference last month.

In response to the demonstration, in which Jack was able to bypass the authentication mechanism on the ATMs and then load a small rootkit that he wrote, ATM manufacturers Hantle and Triton have released new versions of their firmware that fix the vulnerability. Both manufacturers are recommending that ATM owners install the updates immediately.


Triton and Hantle also are recommending that customers who aren't using the ATM's remote management interface disable that feature to protect against any other remote attacks.
