Early in 2018 Darryl and Kristy Staal, owner/operators of Kida ATM Services, were the victims of an ATM smash and grab. Located in Thunder Bay, Ontario, Darryl and Kristy manage over 100 ATMs. During the incident, thieves smashed out a window to gain entry to the building, then ripped the ATM out, causing a lot of collateral damage in the process. The theft was caught on camera; however, police were unable to recover the ATM or catch those responsible, resulting in a total loss.
In late October of 2018 there were reports circulating about at least one ATM being compromised in California using a black box installed in the topper. While DPL's modems were not involved in the incident(s), we engaged both ATMIA and NAC to gather more information about these incidents.
It is important that ATM deployers remain vigilant about physical security around the ATM. Unauthorized access to ATM cabinets can result in a variety of jackpotting attacks, including (1) eavesdropping, (2) ATM malware, (3) black box, and (4) network packet sniffing.
Simply enabling TLS at the ATM is NOT sufficient to stop most attacks that leverage weak physical security of the cabinet.
ATMIA commissioned DFR Risk Management to produce "Best Practices for ATM Cabinet Security and Physical Key Management". DPL encourages ATMIA members to seek out that and other security best practice documents from ATMIA's document library (https://www.atmia.com/best-practices/).
Here are a few common recommendations that ATM deployers should be implementing at all ATMs:
A Brief History
In May of 2014, the National Institute of Standards and Technology (NIST) revised its security guidelines for servers supporting unclassified yet sensitive US security information (thanks, Edward Snowden). The update stated that by the beginning of 2015 these servers should be configured to support TLS 1.1 and TLS 1.2 and that they should no longer support TLS 1.0, SSL 2.0 or SSL 3.0.
They will then proceed to shut down parts of the network in Saskatchewan on June 30, 2017 and then in Ontario, Québec, Fort Nelson British Columbia and in the Atlantic provinces in April of 2018.
In April of 2016 AT&T announced plans for a nationwide shutdown of its 2G networks by December 31, 2016 so it could support its HSPA 3G and LTE-based services. With Verizon also announcing plans to shut down their 2G networks by December 31, 2019, the 2G shutdown is also being referred to as the “2G Sunset”.
Like a lot of us, you’re probably confused about the differences between 2G, 3G, 4G and LTE wireless ATM modems. And if you’ve ever researched the subject online, there is a good chance you’re even more confused now - or asleep in front of your computer… WAKE UP!