Another Take On ATM’s vs. Voting Machines Myth #8 – If we can trust our money to ATMs we can trust our votes to computers. <10 myths> <also>

Perhaps ATM’s are not as safe as we sometimes think.

Today a story shows that ATM’s are vulnerable.  SCMagazineUS has the story: ATM malware appears, Diebold issues security update <read>

Security firm Sophos reported this week that it received three samples of a trojan that was customized to run on Diebold-manufactured cash machines in Russia, said Graham Cluley, Sophos’ senior security consultant. The malware was able to read card numbers and PINs — then when the attacker returned to the ATM, he inserted a specially crafted card that told the machine to issue him a receipt containing the stolen information.

“Basically [the malware] would be spewing out the identity information,” Cluley told on Wednesday. “It’s a really cunning scheme. You need to know how to talk to the ATM. It was working with the Diebold DLL (dynamic-linked library). It knew what API (application programming interface) calls to make, which is information, I suspect, not normally in the public domain.”

Diebold this week disclosed that it issued a security update in January for its ATMs running a Windows-based operating system to address the problem. Diebold told its customers in a letter that a number of its machines in Russia were infected — but the company did not reveal specifics on the attacks.

The somewhat comforting part of this story is that Diebold issued a fix in short order for the problem – while problems in their voting machines go unaddressed for years through multiple software versions.

However, it is a reminder of the vulnerability of any computer system to which somone gains access, including voting systems.


Leave a Reply

You must be logged in to post a comment.