Fake news about the next vulnerability of NCR ATMs

However a row of mass media reported today that NCR, allegedly, did not warn Russian banks about vulnerability and they did not receive software updating for its elimination. As a result the number of attacks to ATMs in the spring of the current year sharply grew.

"In February, 2018. the software updating excluding possibility of operation of this class of vulnerabilities was let out, recommendations about protective measures" were dispatched to all clients — declared to PLUSworld.ru portal in NCR.<"11>" press service

according to expert ATM of Group of Non-commercial organization "Association uchastnikov MasterCard", the number of attacks like "Blackbox" in 1 quarter 2018 decreased twice in comparison with the similar period of last year. Thus, in the spring of 2018 experts did not record growth of attacks to ATM.<"12>"

Vulnerability in NCR ATMs was connected with insufficient protection of the mechanism of record of memory in two models of dispensers — S1 and S2. It allowed to carry out attack like Black Box. The hacker could establish on the dispenser controler outdated and less protected ON, to connect the one-paid computer to a dispenser and to send command for cash withdrawal.

once again emphasized that use of actual, supported versions ON is a critical and important element of the echeloned protection of ATMs from logical attacks while use of the outdate versions removed from support ON is serious threat of safety.

On the materials PLUSworld.ru