“At that moment the researcher realized that there is a gap and used his iPhone to capture the bootChkN console output (Wincor Nixdorf) of the branch administrator,” a blog post on Vulnerability-Lab stated.
After saving the data and reviewing the recording, Benjamin was able to reveal a lot of sensitive information, including the bank’s main branch office:
- Serial numbers
- Firewall settings
- Network information
- Computer name
- Device IDs
- ATM settings
- Two system passwords
- Other hardware-related information
“Benjamin reported the critical issue to the Sparkasse Bank, which acknowledged the issue and has now started patching its ATMs and self-service terminals in a pilot program to prevent attacks,” Sparkasse Bank said in a statement.
The ATM (Automated Teller Machine) analyzed by Benjamin is manufactured by Wincor Nixdorf, one of the most famous companies in the retail and banking industry.