Security Engineer at Positive Technologies
Reverse-Engineer at Positive Technologies
Aleksei Stennikov & Vladimir Kononovich
Black Box is dead. Long live Black Box!
The number of logic attacks on ATMs continues to rise. Some of them involve a "black box," a device that is physically connected to the cash dispenser and sends commands to push out cash. Within five years of the first known black box attacks (starting from 2012), almost all new ATMs started encrypting commands to the dispenser as a precautionary measure. The research community attempted to investigate the security of the implemented encryption and even obtained positive results (such results were described by Positive Technologies researchers). Criminals concentrated their efforts on easier targets, since unprotected ATMs remained plentiful. However, this situation changed rapidly in the fall of 2017, when criminals began to employ attacks on the "secure" dispenser interface.
The current state of security is discouraging: we analyzed four commercially available dispensers from major vendors and successfully withdrew cash from all of them. So despite all the efforts, ATM security is still little better than in 2012.
Vladimir Kononovich is a reverse-engineer. It's not only his job, but also his hobby. He is an active romhacking community member. Vladimir likes to reverse old-school retro-games and writes compression and decompression tools, enabling other enthusiasts to translate their favorite games into foreign languages.
Alexei Stennikov is a security engineer, hardware expert, and ICS/SCADA and ATM researcher. He has successfully conducted numerous audits and research projects on ATMs, ICS/SCADA systems, and hardware.