Man-in-the-middle ATM attacks
NCR Atleos is aware of a recent rise in man-in-the-middle (MitM) jackpotting attacks on banks with unprotected ATM communications in the U.S. and Thailand. This type of attack typically involves connecting a device and/or introducing malware into the network to allow host messages to be intercepted and modified when a specific card belonging to the attacker is entered into the ATM. The card used will be untraceable to the attacker. Typically, stolen or prepaid cards are used. These types of attacks are possible when the communications between the ATM and host are not protected.
To guard against this type of attack, NCR Atleos recommends:
- Transmission of sensitive cardholder data across all networks must be encrypted using TLS 1.2 (as a minimum) between the ATM and the host, because a MitM position can also be used to skim cardholder data. PCI DSS Requirement 4.1 requires the use of strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.
- Care must be taken to ensure that protection is applied end-to-end. This means TLS 1.2 must be implemented directly in the ATM PC core, not only on network equipment in front of it.
- If a router is used, then the link between the ATM and the router must be protected.
- If protection is only applied over the link from the router to the host, then attackers can exploit the network link between the ATM PC core and the router. The link between the ATM and the router is the most common location for a MitM attack.
- A message authentication code (MAC) should be applied to sensitive authorization messages, so that the ATM can detect any modification of the host's response even if an attacker reaches the traffic.
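The two controls above (a TLS 1.2 minimum in the ATM core itself, and a MAC over authorization messages) can be sketched in code. The following is an added illustration, not code from NCR Atleos or from any ATM host protocol: it assumes a hypothetical JSON authorization response, a shared HMAC-SHA256 key provisioned to the ATM and host out of band, and a per-request nonce echoed by the host so a captured approval cannot be replayed. Real ATM host protocols use different message formats and key management, but the checks are the same: refuse any response whose MAC does not verify or whose nonce does not match this ATM's own request.

```python
import hashlib
import hmac
import json
import secrets
import ssl

# Constructed sample key. In a real deployment the MAC key is held in the ATM's
# encrypting PIN pad or another hardware key store, never in a plain file.
MAC_KEY = bytes.fromhex("0f" * 32)


def canonical_bytes(msg: dict) -> bytes:
    """Serialize the message deterministically so ATM and host MAC identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode("utf-8")


def mac_authorization(msg: dict, key: bytes = MAC_KEY) -> dict:
    """Host side: attach an HMAC-SHA256 covering every authorization field.

    The echoed request nonce is inside the MACed fields, so the MAC binds the
    verdict and amount to one specific withdrawal request from one ATM.
    """
    signed = dict(msg)
    signed["mac"] = hmac.new(key, canonical_bytes(msg), hashlib.sha256).hexdigest()
    return signed


def verify_authorization(response: dict, expected_nonce: str, key: bytes = MAC_KEY) -> bool:
    """ATM side: accept the response only if the nonce is ours and the MAC verifies."""
    received = response.get("mac")
    if not isinstance(received, str):
        return False
    fields = {k: v for k, v in response.items() if k != "mac"}
    if fields.get("request_nonce") != expected_nonce:
        return False  # stale or foreign response: possible replay
    expected = hmac.new(key, canonical_bytes(fields), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, received)  # constant-time comparison


def atm_tls_context() -> ssl.SSLContext:
    """Client-side TLS settings for the ATM core's own connection to the host.

    TLS 1.2 is the floor, and certificate plus hostname verification stay on, so
    a device inserted between the ATM and the router cannot impersonate the host.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def demo() -> dict:
    """Run a genuine, a tampered and a replayed response through the ATM-side checks."""
    nonce = secrets.token_hex(8)
    # Constructed sample host response to a withdrawal request from a sample ATM.
    declined = {
        "atm_id": "ATM-0001",
        "request_nonce": nonce,
        "amount_cents": 50000,
        "result": "DECLINE",
    }
    signed = mac_authorization(declined)

    # The modification a MitM would need to make: flip the verdict in transit.
    tampered = dict(signed)
    tampered["result"] = "APPROVE"

    # The same genuine response presented again against a later request.
    later_nonce = secrets.token_hex(8)

    return {
        "genuine_ok": verify_authorization(signed, nonce),
        "tampered_ok": verify_authorization(tampered, nonce),
        "replay_ok": verify_authorization(signed, later_nonce),
        "tls_min_is_1_2": atm_tls_context().minimum_version == ssl.TLSVersion.TLSv1_2,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Only the genuine response passes; the flipped verdict fails the MAC and the re-presented response fails the nonce check. The TLS context shown configures the ATM end only; the host needs a matching server configuration, and both ends should log every MAC or nonce failure, since a cluster of them on one ATM is the signal a MitM device is present.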
Further details can be found in our Logical security best practices whitepaper.
Questions? Contact your NCR Atleos representative.
Sign up for NCR Atleos Security Updates
As part of our commitment to ATM security, we regularly provide alerts and updates to the market on global ATM security issues and situations.
We issue alerts when:
- We receive reports of new ATM attacks
- We receive reports of modifications to ATM attack methods
- Industry compliance issues require actions by ATM deployers