Thursday, July 10, 2008

ATM Vulnerabilities Plague Citibank

Citibank's ATMs are in the news again, but this time -- though details are still scarce -- for some basic security issues.

So far, the speculation is that there could have been, at least, among others, two security issues. Unencrypted PINs transmitted from the ATMs to back end servers, and insecure servers themselves.

What makes this interesting, if its due to these two causes, is that the ATM machines themselves weren't tampered with, as has happened in the past.

Citibank's ATMs were also the subject of a recent Wired article.


Blogger Random InfoSec Guy said...

ATMs never send PINs unencrypted. PANs - yes, but PINs are always encrypted when being sent to the backend from an ATM.

9:47 AM  

Post a Comment

<< Home