Turns Out Diebold's ATMs Insecure As Well; Scammers Install Malware

from the what-a-surprise dept

Diebold is pretty well known for being in two separate, though similar, businesses: ATMs and e-voting machines. Its e-voting machines have always had a terrible reputation, with security flaws and bugs galore (the company recently has tried to hide from all the negative publicity by renaming the e-voting division as Premier Election Solutions). However, many people kept asking how the company could get so many things so wrong when it came to e-voting, but still get its ATMs working properly. Of course, as has been noted in the past, the way ATMs work is quite different, and mistakes are likely to be spotted quickly.

However, it's now coming out that Diebold's ATMs also have security problems. Slashdot alerts us to the news that Diebold has issued a patch after discovering that some scammers have been able to install "card sniffing" software on a variety of Diebold ATMs allowing the scammers to get all your card details. Is that Premier Banking Solutions I hear knocking?


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Mar 18th, 2009 @ 9:38pm

    It's really quite scary how many ATMs run Windows. Diebold certainly isn't alone in doing so, but being part of the herd is no excuse.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Mark, Mar 19th, 2009 @ 12:00am

    You'd think this outfit would wake up and wise up after all their troubles. They'd have been far ahead to hire someone with a Linux background to write some decent software for them.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Paul Berry, Mar 19th, 2009 @ 2:46am

    Not fit for purpose

    Never mind trying to fix what they've got, how they're actually still in business is a mystery. Surely regulatory, never mind economic, pressures would have an effect?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    EH, Mar 19th, 2009 @ 4:08am

    Linux?

    If you have physical access to the boxes, as these people did, it doesn't matter *what* OS you have. This is not a software issue, it is a combination of hardware and wetware.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Diebold, Mar 19th, 2009 @ 7:44am

      Re: Linux?

      At least one reader on here isn't a complete dumbass jumping on the "Diebold Sucks" bandwagon. 90% of these idiots didn't even know Diebold made ATMs.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      ha, this time you're actually wrong..., Mar 19th, 2009 @ 3:15pm

      Re: Linux?

      If I lock the BIOS of my machine, as well as the recovery terminal, and start not as root, damn good luck changing anything without the root password... Naturally, the disk must be encrypted as well - but with all those, either the encryption of the password must be cracked to change things. That's way beyond the ability of typical criminals...

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    ChuckE, Mar 19th, 2009 @ 4:33am

    DieBold

    I worked on Diebold ATM's for over 8 years for A VERY large National Bank. The DieBolds would hardly ever balance. We had 20 year old IBM ATM that would always balance NCR ATM that not onle always balanced nut only needed maintenance about once a quarter. Brand new Diebolds needed daily maintenance. The Bank eventually replaced all the IBM's and NCR's with DieBolds. Why..... The company is crooked and bribes to fellow exec's go a long way.

    Know your DieBold voting machines will never be safe or accurate. But Officials will continue to buy them... and get rich!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    linlu, Mar 19th, 2009 @ 9:37am

    Awaiting list of banks that bought these

    I would love to see a list of banks that use these on wikileaks, wouldn't you?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Doug (profile), Mar 19th, 2009 @ 10:01am

    The whole story

    The thieves had physical access to the machines. Why is that not mentioned in your "down with Diebold" article?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Malware, Feb 3rd, 2010 @ 7:53am

    Wouldn't the ability to author malware for an ATM hinge on the authors having access to the OS running on the machine? If so, how the heck are they getting their hands on that? I mean, clearly this is not just Windows code, this is sophisticated thievery going on here.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Diebold does suck..., Mar 11th, 2010 @ 10:34am

    If they didn't have issues...then why did they develop this?

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This