Bitcoin ATM maker Lamassu Industries has successfully addressed a vulnerability that could have granted hackers “full control” over its Bitcoin ATM machines.
The flaw came to light when a team of ethical hackers from security firm IOActive attempted to compromise Lamassu’s Bitcoin ATMs in 2023.
During the process, which the team has documented online, the researchers identified and exploited several vulnerabilities that allowed them to gain full control over the ATMs.
See how IOActive’s researchers took advantage of the vulnerability in the video below:
In comments shared with Cointelegraph, Gunter Ollman, CTO of IOActive, explained that through the exploit, attackers could “view and manipulate interactions with the hijacked ATM.”
This meant that hackers had the potential opportunity to steal Bitcoin from users’ wallets by taking advantage of the identified vulnerabilities.
According to Ollman, a sophisticated attacker could modify the entire user experience, tricking users into performing actions such as entering bank account details.
Ollman assured the community that the attack’s impact would be limited to a user’s account balance, but the potential for social engineering was significant.
Gabriel Gonzalez, Director of Hardware Security at IOActive, commented that the vulnerability could grant an attacker “full control” over a physical ATM machine.
This included the ability to drain all the money in the ATM and manipulate the note reader to display inaccurate deposit amounts, he said.
The security researchers noted the severity of the vulnerabilities, especially if the ATMs were left unattended in various locations.
Lamassu Industries responded promptly to the findings, deploying a security patch to fix the vulnerabilities
Read more on cryptonews.com