A critical security vulnerability was discovered in ATMs running Windows XP at Sberbank in Russia.
The vulnerability can be easily exploited by hackers and was discovered by an employee of the Russian blogging platform Habrahabr.
The full-screen lock, which prevents access to various components of the ATM's operating system, could be easily bypassed by pressing a Sticky Keys modifier key such as SHIFT, CTRL, ALT, or WINDOWS five times.
According to the user, pressing the SHIFT key five times in a row gives access to the Windows settings and displays the taskbar and Start menu of the operating system, which gives hackers access to Windows XP from the touchscreen.
“Well, I, standing at the terminal of the Savings Bank with a full-sized keyboard and waiting for the operator to answer the phone, decided to press this Shift from boredom, naively believing that without functional keys this would lead to nothing. No matter how it is! Five times quick pressing of this key gave me that very little window, besides revealing the task panel with all the bank software,” said the user in the published blog post.
This vulnerability could allow hackers to install malicious code or modify ATM boot scripts.
According to the German website WinFuture, the bank was informed about the vulnerability in the ATM almost two weeks ago and promised to fix the flaw immediately.
The user who discovered the flaw said that it was still there when he revisited the terminal two weeks later.
“All this happened on the sixth of December. Two weeks later I decided to check that there is a terminal. Still, after all, they said that they “fixed” the problem, probably they should have already eliminated it, but no – it’s still there, the window still pops up.”
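
For administrators of kiosk-style Windows terminals, the following added example (not from the blog post, WinFuture, or the bank) audits the keyboard shortcuts that open the accessibility dialogs, including the five-times-SHIFT Sticky Keys shortcut described above. It assumes the standard per-user registry location of the accessibility settings; run without `-Fix` it only reports.

```powershell
# Added example (not from the article): audit the accessibility keyboard
# shortcuts for the account this script runs under, e.g. a kiosk account.
# Bit 0x4 of each Flags value is the "hotkey active" bit
# (SKF_HOTKEYACTIVE, FKF_HOTKEYACTIVE, TKF_HOTKEYACTIVE in winuser.h).
param([switch]$Fix)   # without -Fix the script only reports

$HotkeyActive = 0x4
$base = 'HKCU:\Control Panel\Accessibility'
$features = @(
    @{ Name = 'StickyKeys'; Path = "$base\StickyKeys" },         # SHIFT pressed five times
    @{ Name = 'FilterKeys'; Path = "$base\Keyboard Response" },  # right SHIFT held for eight seconds
    @{ Name = 'ToggleKeys'; Path = "$base\ToggleKeys" }          # NUM LOCK held for five seconds
)

foreach ($f in $features) {
    $item = Get-ItemProperty -Path $f.Path -Name Flags -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output ("{0}: no Flags value under {1}" -f $f.Name, $f.Path)
        continue
    }
    $flags = [int]$item.Flags          # stored as a REG_SZ decimal string
    if (($flags -band $HotkeyActive) -eq 0) {
        Write-Output ("{0}: shortcut disabled (Flags={1})" -f $f.Name, $flags)
        continue
    }
    if ($Fix) {
        # Clear only the hotkey bit and keep the other accessibility flags.
        $new = $flags -band (-bnot $HotkeyActive)
        Set-ItemProperty -Path $f.Path -Name Flags -Value ([string]$new)
        Write-Output ("{0}: shortcut was enabled, Flags {1} -> {2}" -f $f.Name, $flags, $new)
    } else {
        Write-Output ("{0}: shortcut ENABLED (Flags={1})" -f $f.Name, $flags)
    }
}
```

The values are per user, so run the script as the account the kiosk session uses; a changed value is read at the next logon.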