Wireless ATM Store Rolls Out 'Man-In-The-Middle' Hack Defense

Posted On: 11/21/2018

  • Printer Friendly Version
  • Decrease Text SizeIncrease Text Size
  • PDF

NORTH WALES, PA -- Wireless ATM Store reports that it has developed an alternative solution for preventing "man-in-the-middle" attacks on automated teller machines. The company worked with ATM manufacturer Genmega to engineer new security features to help protect vulnerable TCP/IP wireless connections.

This initiative was prompted by recent "man-in-the-middle" attacks on ATMs in California, which targeted unencrypted ATM communications rather than the ATM terminal itself.

According to reports, hackers used some type of host-simulating device to send altered transaction reply messages that changed transaction denials into approvals, thus tricking the ATM into dispensing cash. The perpetrators were able to perform these fraudulent transactions by inserting a hacked wireless device into the top cabinet of the ATM to play the role of a "man in the middle," altering the reply returned by the host.

"Our first priority is always our customers," said Wireless Store chief executive Rick Tibberino. "We are very happy to have been able to provide an alternative solution to prevent these type of attacks so quickly."

When ATM operators use a wireless box for a faster connection, they may bypass the ATM's built-in SSL encryption, leaving the terminal vulnerable. "To combat these hacks, we worked with the Wireless ATM Store to update our software with new security features to sync the wireless device to the ATM, preventing criminals from switching boxes to perform unauthorized transactions," explained Genmega senior vice-president of sales Wes Dunn.

"Although this is not a permanent solution, it is a roadblock and, obviously, that's a good thing," Dunn added.

"The new software features will require the master password to install, replace or alter the wireless communication device," The Wireless ATM Store's Tibberino explained. "We've successfully tested the solution, and are proud to announce the updated software will fortify all ATM wireless devices running on IP-only terminals, not just those sold by the Wireless ATM Store.

"Moving forward, we expect to work with the other ATM manufacturers to ensure all ATMs are protected from this type of attack," he emphasized.

Information may be had from the Wireless ATM Store by calling  (877) 977-8020 or emailing info@wirelessatmstore.com. The company can provide assistance with setting up terminals to take advantage of the software's new security features.

Founded in 2012, Wireless ATM Store is a wholly-owned subsidiary of ATM Partner, Inc., which provides ATM sales and processing. The Wireless ATM Store offers a robust web portal, CheckURBox.com, and a wide variety of wireless connectivity solutions for ATMs, credit card terminals, vending machines, amusement and arcade games, and other Internet-connected equipment.