[Tech] ATM basati su Windows XP Embedded vulnerabili ai virus

Lo scorso mese di agosto, secondo quanto riporta The Register, gli ATM (Automated Teller Machine, in pratica i nostri Bancomat) di due "istituzioni finanziarie" sono stati compromessi da virus in grado di sfruttare la vulnerabilità relativa all'RPC (Remote Procedure Call) di Windows. Gli ATM colpiti sono stati prodotti dalla società Diebold:

The machines were in an advanced line of Diebold ATMs built atop Windows XP Embedded, which, like most versions of Windows, was vulnerable to the RPC DCOM security bug exploited by Nachi, and its more famous forebear, Blaster.



At both affected institutions the ATMs began aggressively scanning for other vulnerable machines, generating anomalous waves of network traffic that tripped the banks' intrusion detection systems, resulting in the infected machines being automatically cut off, Diebold executives said.

In settembre avevo segnalato uno studio che prevedeva l'aumento della quota di ATM Windows-based dal 12% attuale al 65% entro il 2005, e le prime relative preoccupazioni degli esperti: preoccupazioni alquanto fondate, a quanto pare.



Significativo che anche nel caso dei bancomat Diebold il guaio sia stato aggravato dal fatto che l'azienda non ha applicato con la necessaria tempestività le patch di sicurezza rilasciate da Microsoft:

A patch for the critical RPC DCOM hole had been available from Microsoft for over a month at the time of the attack, but Diebold had neglected to install it in the infected machines. Billett defended the company's patching process, which he said involves testing each new bug fix, and deploying at a wide variety of institutions with a mix of network architectures.

Nell'articolo non mancano alcune considerazioni generali su Windows:

The incident highlights new dangers for financial institutions, as legacy ATMs running OS/2 and propriety communications protocols give way to more versatile and cost effective terminals built on Microsoft Windows and TCP/IP -- with all the attendant security problems.



Though ATMs typically sit on private networks or VPNs, the most serious worms in the last year have demonstrated that supposedly-isolated networks often have undocumented connections to the Internet, or can fall to a piece of malicious code inadvertently carried beyond the firewall on a laptop computer.



January's Slammer worm indirectly shut down some 13,000 Bank of America ATMs by infecting database servers on the same network, and spewing so much traffic that the cash machines couldn't processes customer transactions.

Fonte: The Register.