Bork!Bork!Bork! Behold an ATM crying out for a man-in-the-middle attack. An obsolete Microsoft operating system cannot be blamed here. This is all about the hardware.
When we talk about installation, we're usually referring to Windows 2000 turning up on a ticket machine, Windows 7 showing its face where it isn't welcome, or even Windows 10 having a moment on an information display.
Today's bork, however, is a bit different. Spied by an eagle-eyed Register reader, this installation is all about the hardware: a router connected to an ATM to provide connectivity.
Router on top of an ATM – click to enlarge
We're not going to reveal the location, since this hardware is so loudly crying out for a man-in-the-middle attack that it's practically a honeypot for miscreants. In another image shared by our reader, a cashbox is also wedged up against the machine.
We've obscured any identifying markings on the router, but there's a purple cable running from the device to a grungy BT OpenReach socket in the wall, and another cable connected to an Ethernet socket.
The device itself looks like a GW6650V series router from Virtual Access. It's not a bad choice – there are a pair of SIM sockets to keep things running should connectivity wobble, and "Advanced Security." Handy for a device that calls itself a "Cost-effective business grade router" with applications including "Financial/ATM."
All good then, at least from the perspective of business rather than domestic use. The 802.11n Wi-Fi isn't going to set the consumer world alight, but it is more than good enough for an ATM.
The problem is the installation. Regardless of how wonderful and secure a given piece of hardware might be, leaving it in a spot where the public can get their hands on it is rarely a good idea.
After all, as well as the technically savvy who might ponder how a man-in-the-middle attack could be accomplished with all those exposed ports and cabling, there is also the vandal armed with chewing gum and the curious child who would wield a sticky piece of candy or a savory snack.
And then there's the probably interruptible power situation. Let's face it, this gets worse the longer you look at it.
So, today's bork has nothing to do with the software installation, but everything to do with the hardware installation. Not that this hack would ever leave something quite so exposed for all to see… ®
Source: The register