According to a report by the Automated Teller Machine Industry Association (ATMIA), sophisticated criminals are using ‘reverse-engineering’ techniques to gain access to individual bank accounts and to banking software systems, giving rise to a threat of widespread theft and fraud. ATMIA sees evidence that criminals are targeting ATM software as a new frontier of fraud. Software reverse-engineering (RE) is highlighted as one of the most dangerous threats in ATMIA’s new ‘Best Practice Manual’. Reverse-engineering (RE) is the process of discovering the technological principles of a system through analysis of its structure, function and operation. In terms of software it can also be seen as "going backwards through the development cycle". The purpose is to deduce design decisions from end products with little or no additional knowledge about the structure and algorithms of the investigated application. RE is an essential instrument in hackers’ hands to circumvent software systems for various purposes. Julia Titova, Business Development Director of StarForce Technologies, said: “Most of the modern well-known software security breaches were made using RE. Unprotected applications can be easily reversed-engineered by even an intermediate level hacker. “Once the RE process is complete the hacker understands how an application works and is able to bring new functionality or utilise the application for his own needs. This is the most dangerous threat as the ATM owner/operator may not discover the system penetration for some time. While everything is working normally the fact that the system has been cracked is hidden but the fraudster can launch the malware mechanism at any time. “Protecting applications installed on ATMs requires attention through the whole software lifecycle, starting with the development phase and continuing during patching of already installed programs.”
0 comments:
Post a Comment