News Vulnerabilities in ATM and PoS terminal drivers expose them to cyber attacks


Jun 28, 2020
Reaction score
Exploitation of vulnerabilities allows attackers to elevate privileges and gain access to the target system.


Eclypsium experts analyzed the Windows drivers used in ATMs and PoS terminals and found that more than 40 drivers from 20 suppliers contain dangerous vulnerabilities, the operation of which allows attackers to increase privileges and gain access to the target system.

“By exploiting vulnerabilities in drivers, cybercriminals can increase privileges, gain access to information and, ultimately, steal money or customer data,” explained Eclypsium experts.

As an example, experts talked about the vulnerability in the driver that is used in Diebold Nixdorf ATMs. The driver provides access to I / O ports and is quite limited in terms of functionality compared to other drivers. A similar driver can be used by attackers in the initial stages of an attack, since it can provide access to devices connected via PCI (“peripheral component interconnection”), including external devices and an SPI controller that provides access to system firmware.

This driver can also allow an attacker to install a bootkit on the target device, since the driver is used to update the BIOS firmware.

Specialists reported their findings to the supplier at the end of 2019, the manufacturer released bug fixes earlier this year.
Top Bottom