Cyber crooks focus on the future as ATM Biometric Skimmers go on Sale

Kaspersky Lab presented an investigation on the future of ATM Biometric Skimmers and how cybercriminals could exploit them.

A recent investigation by Kaspersky Lab reports that a number of underground sellers are offering skimmers capable of stealing users' biometric data, such as fingerprints. A number of others are researching iris scanning and palm vein recognition systems.

With a number of banks looking to introduce fingerprint-reading technology into their ATMs, cybercriminals are looking to stay ahead of the curve and cash in by exploiting these systems before they make it to general release.

With the inherent weaknesses in PIN- and password-based authentication, biometrics looks set to take over as the most prominent authentication type in the near future.

Biometric skimmers first made their appearance in September of last year; however, progress quickly stalled due to a number of technical limitations and bugs, including the slow transfer rates of biometric data over GSM, which impacted functionality.

This generation of the technology, however, is proving to be more effective and faster.

“The problem with biometrics is that unlike passwords or PIN codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image. Thus, if your data is compromised once, it won’t be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way,” explained Olga Kochetova, a security expert at Kaspersky Lab.

“Biometric data is also recorded in modern passports – called e-passports – and visas. So, if an attacker steals an e-passport, they don’t just possess the document, but also that person’s biometric data. They have stolen a person’s identity.”

Discussions have also been seen online in which would-be scammers are looking into mobile applications that use masks worn over the would-be criminal's face in order to fool facial recognition systems.

Although these techniques are more advanced than the malware and ransomware attacks that are so prevalent against today’s Internet banking technologies, Kaspersky Lab also commented that it did not expect to see many of the more traditional methods abate.

Below is a video PoC of an ATM attack.

It’s expected that exploiting biometric authentication will simply be added to the banking scammers' arsenal.

Enjoy the report “FUTURE ATTACK SCENARIOS AGAINST AUTHENTICATION SYSTEMS, COMMUNICATING WITH ATMS”.

Written by: Steven Boyd

Steven is a security consultant, researcher, ethical hacker and freelance writer with over 16 years of experience in the industry. He has provided security consultancy to some of the world’s biggest banks, the private sector as well as public services and defense. He is the owner and creator of security blog www.CybrViews.com.

Twitter: @CybrViews

(Security Affairs – BT Wi-Fi extenders, hacking)