Toll Free: (866) 326-2739
Fax:        (916) 673-6122
Email: sales@apexatm.com
24-hour Tech Support: (888) 275-2864 [ext. 2]

Alert Download

Hantle (formerly Tranax) has recently released technical bulletins regarding the 'hacking' demonstration reported from the Black Hat conference. At the conference, Jack, who is director of security research for IOActive, gave an ATM security demonstration entitled "Jackpotting Automated Teller Machines Redux." He outlined a type of software that a hacker who has gained unauthorized access to the system can deploy to maintain administrative privileges on it without being detected. Jack also demonstrated that once administrator rights on the ATM have been obtained, hackers can use this software to make the ATM dispense the entire contents of the dispenser into the cash tray.

Due to the importance of the issue, we recommend that ATM owners update the following machines to the latest software, which can be obtained by clicking on the links below.

These machines include:

  • Hantle 1700W ATM machines with application version V02.01.12 or earlier
  • Hantle C4000 ATM machines with application version V02.01.12 or earlier
  • Hantle 4000T ATM machines with application version V02.01.12 or earlier

In addition, if you are not using RMS to monitor your terminals, we advise you and your customers to disable the RMS/Triton Connect function on your terminals (if not already done). This will prevent the ATM from answering RMS requests at all.
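An added example, not part of the Hantle bulletin or any Apex ATM tooling: a fleet triage that applies the model, version and RMS criteria above to an inventory export. The CSV columns, terminal IDs and action labels are constructed, and it assumes "T4000" and "4000T" name the same model.

```python
import csv
import re

# Models and version ceiling as listed in the bulletin above.
AFFECTED_MODELS = {"1700W", "C4000", "4000T"}
MODEL_ALIASES = {"T4000": "4000T"}  # assumption: same model, page uses both
LAST_AFFECTED = (2, 1, 12)  # V02.01.12

# Constructed sample inventory; the column names are hypothetical.
SAMPLE_INVENTORY = """terminal_id,model,app_version,rms_in_use,rms_receive
ATM-001,1700W,V02.01.12,no,Enabled
ATM-002,C4000,V02.01.09,yes,Enabled
ATM-003,T4000,V02.02.01,no,Enabled
ATM-004,1700W,V02.02.01,no,Disabled
ATM-005,4000T,v2.1.3,no,Disabled
ATM-006,C4000,unknown,yes,Enabled
"""

def parse_version(text):
    """Return (major, minor, patch) for strings like 'V02.01.12', else None."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def triage(row):
    """Return the list of actions the bulletin implies for one terminal."""
    actions = []
    model = row["model"].strip().upper()
    model = MODEL_ALIASES.get(model, model)
    if model in AFFECTED_MODELS:
        version = parse_version(row["app_version"])
        if version is None:
            actions.append("verify-version")  # unreadable: check on site
        elif version <= LAST_AFFECTED:
            actions.append("update-software")
    rms_used = row["rms_in_use"].strip().lower() == "yes"
    rms_on = row["rms_receive"].strip().lower() == "enabled"
    if rms_on and not rms_used:
        actions.append("disable-rms-receive")
    return actions

def audit(csv_text):
    """Map terminal_id -> actions for every terminal needing attention."""
    rows = csv.DictReader(csv_text.splitlines())
    report = {row["terminal_id"]: triage(row) for row in rows}
    return {tid: acts for tid, acts in report.items() if acts}

if __name__ == "__main__":
    for terminal, actions in audit(SAMPLE_INVENTORY).items():
        print(terminal, ", ".join(actions))
```

A terminal whose version string cannot be parsed is flagged for an on-site check rather than silently treated as patched.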

 

Subject: The Black Hat Demonstration

Regarding the ‘hacking’ demonstration reported from the Black Hat conference, which showed a potential vulnerability for someone to upload malicious software to the ATM via the RMS (Remote Management) function.

To close this potential hole, we advise customers to update their terminals with the following software:

1700W

Full Install: please contact Apex ATM for software files

C4000

Full Install: please contact Apex ATM for software files

T4000

Full Install: please contact Apex ATM for software files

* Note for T4000, this also includes the Service Panel fix (not allowing access)

 

Software Install Instructions

http://ftp.hantle.com/Manuals/Software_Update_Instructions.pdf

In the meantime, if you’re concerned about this story and you’re not using RMS to monitor your terminals, you can advise your customers to disable the RMS receive function (if not already done) via the Operator Function Menu. This will prevent the ATM from answering RMS requests at all.

(Master or Service password required) Host Setup > Remote Monitor > RMS Receive = Disabled

With RMS disabled, the ATM will not answer the phone.

If you are a customer using RMS, we advise that you download the new software and update your machines.

Demonstrations such as this remind everyone of the threats our industry faces. We take these very seriously and will continue to look for ways to make our machines secure.

If you have any questions please contact [Hantle] Technical Support.