In late October of 2018 there were reports circulating about at least one ATM being compromised in California using a black box installed in the topper. While DPL's modems were not involved in the incident(s), we engaged both ATMIA and NAC to gather more information about these incidents.
It is important that ATM deployers remain vigilant about physical security around the ATM. Unauthorized access to ATM cabinets can result in variety of jackpotting attacks including; (1) eavesdropping, (2) ATM malware , (3) black box, and (4) network packet sniffing.
Simply enabling TLS at the ATM is NOT sufficient to stop most attacks that leverage weak physical security of the cabinet.
ATMIA commissioned DFR Risk Management to produce "Best Practices for ATM Cabinet Security and Physical Key Management". DPL encourages ATMIA members to seek out that and other security best practice documents from ATMIA's document library (https://www.atmia.com/best-practices/).
Here are a few common recommendations that ATM deployers should be implementing at all ATMs:
- Change ATM cabinet locks. Do NOT use vendor supplied (and widely available) master keys.
- Install door, vibration, and temperature sensors. Link sensors to a central monitoring system. Similar to DPL's Protector GPS accessory.
- Prevent the ATM communications cable from being connected to another device prior to being connected to wall socket or wireless modem (DPL's install manual specifies that the Hercules modem must be installed in the safe).