https://www.csoonline.com/article/3564540/vulnerable-drivers-can-enable-crippling-attacks-against-atms-and-pos-systems.html
By Lucian Constantin
CSO Senior Writer
CSO
June 30, 2020
ATMs and point-of-sale (POS) systems have been a target for many
cybercriminal groups over the past several years resulting in some of the
largest card breaches and money heists in history. While attackers have
various ways to break into these machines, researchers now warn that
vulnerabilities in the drivers they contain could enable more persistent
and damaging attacks.
Researchers from Eclypsium, a company that specializes in device security,
have evaluted the security of device drivers, the programs that allow
applications to talk to a system's hardware components and leverage their
capabilities. Over the past year, their research project, dubbed Screwed
Drivers, has identified vulnerabilities and design flaws in 40 Windows
drivers from at least 20 different hardware vendors, highlighting
widespread issues with this attack surface.
Most people think of Windows in the context of servers, workstations and
laptops, but these are not the only types of devices that run Microsoft's
operating system. Windows is also widespread in the world of ATMs, POS
terminals, self-service kiosks, medical systems and other types of
specialized equipment. These devices are generally harder to update
because they're used in regulated industries and environments, so updates
need to pass strict testing and certification. Taking them offline for
extended periods of time can lead to business disruption and financial
loss.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/
