Encrypt the signal from the host to the cash dispenser, have a debugger process that is connected to the host process that also stores the encryption keys and/or talks to an HSM. Mitigates tampering of a live system, makes flashing new firmware problematic.
Physically limit the cash dispenser from outputting k bills over n seconds. Have those limits be session-based, again signaled by main host process. Would require a full login/logout cycle for k bills.
Most likely, the systems are left wide open internally to ease development and mask bugs.
My ending blanket statement is that finance people know how to be cheap. They can optimize along one axis, replacing a $5 part with a $2 part, but the really good ones optimize the whole system over a long time horizon.
NCR is focused on profits not security, even though they sell POS (point of sale), ATM machines, and airport kiosks.
From my personal dealings with NCR, I can confirm that they care very little for security, regardless of what their corporate line is.
To put this in perspective: if you go to a grocery store, restaurant, or quick service (fast food) establishment and use a credit card then your full account number, name, and exp is recorded in their system. This information is accessible by anyone with store-level admin (not Windows admin, but think a manager with manager card).
This violates PCI but hey, fuck PCI, hardening the system takes resources and who wants to do that?
On HN, folks keep talking about security and other such nonsense, however, anyone who has seen the other side isn’t very optimistic. Between ease of use, profit margins, and no pushback on insecure systems, all losses are just write-offs.
A lot of money has gone into locking this hardware down, and I think for the Xbox 360, which was released in 2005(!) there is still only one hack they couldn't solve with a software update, and that's soldering to the CPU and glitching it on a specific compare instruction.
I would bet this "sophisticated malware" is a lot more trivial than glitching the CPU on one specific instruction and having to take a soldering iron to the ATM, then fiddling trying to get the timing exactly right.
Building a chain of trust and authenticating commands to the cash dispenser really shouldn't be an issue.
Really, just put a fucking Xbox in these ATMs. Lots of people attacking those while being able to do whatever they want to the hardware with limited to no success. (I don't think anyone has managed to open up the Xbox One?)
ATMs on the other hand are designed to interact with physical hardware that sucks money up and spits it out. Locking down the operating system is easy, but if the hardware is controlled by serial interfaces then you've got a weak point there unless the serial interfaces are encrypted (spoiler, they are not!). To encrypt them you'd need to put something at the OS side and something at the hardware (pneumatics/motors) side and ensure they aren't accessible (i.e., located inside the safe part of the ATM). It's not impossible to do, but I somehow doubt they'll do it anyway.
But breaches happen, and lead to lawsuits, and I can just imagine trying to impress a jury about the security of your ATM while the other side cracks jokes about gold coins in Super Mario and speculates about your low Halo ranking.
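The host-to-dispenser protection and the "k bills over n seconds" session limit proposed in the comments above, sketched as an added example that is not part of the thread or any vendor's code. It authenticates commands with an HMAC rather than encrypting them; the shared key, the frame layout and the values of k and n are assumptions.

```python
import hashlib
import hmac
import struct
import time

MAX_BILLS = 40       # k: assumed bill budget per session
WINDOW_SECONDS = 60  # n: assumed minimum time between session starts
FRAME = struct.Struct(">QIH")  # session id, command counter, bill count

def sign_command(key: bytes, session_id: int, counter: int, bills: int) -> bytes:
    """Host side: serialize a dispense command and append an HMAC-SHA256 tag."""
    body = FRAME.pack(session_id, counter, bills)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Dispenser:
    """Controller assumed to sit inside the safe, holding its own copy of the key."""

    def __init__(self, key: bytes, clock=time.monotonic):
        self.key, self.clock = key, clock
        self.session_id = 0
        self.started = float("-inf")
        self.last_counter = 0
        self.dispensed = 0

    def handle(self, frame: bytes) -> str:
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if len(body) != FRAME.size or not hmac.compare_digest(tag, expected):
            return "REJECT bad-mac"
        session_id, counter, bills = FRAME.unpack(body)
        now = self.clock()
        if session_id < self.session_id:
            return "REJECT stale-session"
        if session_id > self.session_id:
            # A new login resets the budget, but only once the window has
            # passed, so cycling sessions cannot exceed k bills per n seconds.
            if now - self.started < WINDOW_SECONDS:
                return "REJECT too-soon"
            self.session_id, self.started = session_id, now
            self.last_counter, self.dispensed = 0, 0
        if counter <= self.last_counter:
            return "REJECT replay"  # recorded frames cannot be resent
        if self.dispensed + bills > MAX_BILLS:
            return "REJECT over-limit"
        self.last_counter = counter
        self.dispensed += bills
        return f"DISPENSE {bills}"
```

Because the limit and the replay counter live on the dispenser side, they still hold when the host process or the serial line between them is under someone else's control, as long as the key is not exposed.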