Holding upwards of $400,000, ATMs continue to be a target of opportunity and have seen over a 600% increase in crime in the last few years. Over the last four years, I have conducted research with another colleague into the enterprise ATM industry which resulted in the discovery of 6 vulnerabilities in Diebold Nixdorf’s Vynamic Security Suite (VSS), the most prolific ATM security solution in the market. 10 minutes or less is all that a malicious actor would need to gain full control of any system running VSS via offline code injection and enable decryption of the primary Windows OS. Diebold Nixdorf is one of three major North American enterprise class ATM manufacturers with a global presence in the financial, casino/gaming, and point-of-sale markets. Similar attack surfaces are currently being used in the wild and impact millions of systems across the globe. Furthermore, VSS is known to be present throughout the US gaming industry, including most of the ATM/cash-out systems across Vegas.

This session will explore the technical intricacies of this research, review the convoluted ATM market, and reveal the discovery process of these vulnerabilities. The Full Disk Encryption module of VSS conducts a complex integrity validation process to ensure a trusted system state. Executed in a layered approach during system initialization. Examination of the inner workings of this process will highlight various deficiencies, each demonstrated through PoC exploitation.

Each vulnerability presented in this session has been observed to have a recursive impact across all major versions of VSS and represents a systemic ongoing risk. We will examine root-cause, vendor remediation steps, and short-comings thereof – perpetuating the attack narrative. In conclusion, proper mitigation techniques and procedures will be covered, providing valuable insights into defending against potential compromise.