International Journal On Advances in Security, volume 9, numbers 3 and 4, 2016
A Risk Assessment of Logical Attacks on a CEN/XFS-based ATM Platform
Authors:
Johannes Braeuer
Bernadette Gmeiner
Johannes Sametinger
Keywords: ATM security; logical ATM attacks; XFS; embedded system security; risk assessment.
Abstract:
Automated Teller Machines (ATMs) contain considerable amounts of cash and process sensitive customer data to perform cash transactions and banking operations. In the past, criminals mainly focused on physical attacks to gain access to cash inside an ATM’s safe. For example, they captured customer data on the magnetic stripe of an ATM card with skimming devices during insertion of the card. These days, criminals increasingly use logical attacks to manipulate an ATM’s software in order to withdraw cash or to capture customer data. To understand the risks that arise from such logical attacks, we have conducted a risk assessment of an ATM platform. This ATM platform is running in a real bank environment and is built on the CEN/XFS specification. The assessment has revealed the main issues that are responsible for vulnerabilities of an ATM platform. It has also identified effective countermeasures and provided a prioritization of activities for ATM manufacturers.
Pages: 122 to 132
Copyright: Copyright (c) to authors, 2016. Used with permission.
Publication date: December 31, 2016
Published in: journal
ISSN: 1942-2636