Vulnerable: Kraken reveals many US Bitcoin ATMs still use default admin QR codes

Kraken Security Labs has said that a “large number” of Bitcoin (BTC) ATMs are vulnerable to hacking, as the administrators never changed the default admin QR code.

In a Wednesday blog post, Kraken posted research from its Security Labs team, which found that there are “multiple hardware and software vulnerabilities” in the General Bytes BATMTwo ATM range.

“Multiple attack vectors were found through the default administrative QR code, the Android operating software, the ATM management system and even the hardware case of the machine,” the post read.

Kraken’s security team stated that if a hacker gets their hands on the administrative code, they can essentially “walk up to an ATM and compromise it,” while also highlighting issues with the BATMTwo’s lack of secure boot mechanisms, as well as “critical vulnerabilities” in the ATM’s management system. However, General Bytes has reportedly already alerted ATM owners to the vulnerabilities:

“Kraken Security Labs reported the vulnerabilities to General Bytes on April 20, 2021, they released patches to their backend system (CAS) and alerted their customers, but full fixes for some of the issues may still require hardware revisions.”

The team also found that it was able to gain full access to the Android operating system behind the BATMTwo ATM by simply attaching a USB keyboard to the machine and warned that “anyone” could “install applications, copy files or conduct other malicious activities.”

General Bytes is headquartered in the Czech Republic and, according to Coin ATM Radar, there are currently 6,391 General Bytes ATMs installed worldwide, which represents 22.7% of the global market. However, those figures also account for BATMThree machines that weren’t reported on by Kraken.

The majority of the BATM ATMs are located in the United States and Canada, with a combined figure tallying in at around 5,300, while Europe has around 824 ATMs installed.

Kraken is calling on BATMTwo owners and operators to change the default QR admin code, update the CAS server, and place the ATMs in visible locations for security cameras.

Related: El Salvador ranks third in global Bitcoin ATM installations, data finds

Bitcoin ATM scams

While reports of hacked Bitcoin ATMs appear to be minimal, there is a history of crafty individuals building scams around crypto ATMs.

In March 2019, the Toronto Police issued a public statement calling on the community to locate four men suspected of carrying out a series of “double-spending” transactions that fetched $150,000 worth of funds over a 10-day window. Double-spending consists of canceling transactions before the ATM has had a chance to confirm but keeping the dispensed cash.

The Oakland Press reported on June 22 of this year that two women from Berkeley were scammed out of a combined $15,000 after fraudsters posed as public safety officers and federal employees. The scammers reportedly told the victims that they had outstanding warrants and tax violations and ordered them to pay fines via local Bitcoin ATMs in the area.

And Malwarebytes posted research in August that uncovered a trend of gas station Bitcoin ATM scams in which threat actors would post fake jobs listings to dupe applicants into money laundering.

Note: This article have been indexed to our site. We do not claim ownership or copyright of any of the content above. To see the article at original source Click Here

Related Posts
Paisabazaar launches festive offers on American Express, HSBC, Axis and HDFC credit cards: How to avail thumbnail

Paisabazaar launches festive offers on American Express, HSBC, Axis and HDFC credit cards: How to avail

HomePersonal Finance NewsPaisabazaar launches festive offers on American Express, HSBC, Axis and HDFC credit cards: How to availCustomers who apply for specific cards from American Express® and HSBC will receive a ₹1,500 Amazon voucher.By Anshul   October 25, 2024, 12:30:49 PM IST (Updated)Paisabazaar, India’s largest marketplace for consumer credit, has announced exclusive festive offers on select
Read More
The Sandbox Price Up 16%, Biggest Metaverse Gainer Today thumbnail

The Sandbox Price Up 16%, Biggest Metaverse Gainer Today

The Sandbox price is up over 16% today, making it the biggest Metaverse gainer on CoinmMarketCap this Christmas Day. After their successful Alpha season one launch, The Sandbox is gearing up for their second Alpha season that will be announced soon. Let’s take a closer look at The Sandbox and its cryptocurrency SAND and see…
Read More
Robinhood starts offering digital currency wallets thumbnail

Robinhood starts offering digital currency wallets

Robinhood (NASDAQ: HOOD), the online trading platform that shot to global fame during the Wall Street Bets saga in 2021, will officially offer digital currency wallets to 1,000 of its users. The brokerage has long offered its users the chance to buy and sell digital currencies like BSV, BTC, ETH, and DOGE but hasn’t until…
Read More
EIGEN available for trading! thumbnail

EIGEN available for trading!

October 3, 2024 | Asset Listings, Product, Uncategorized We’re thrilled to announce that EIGEN is now available for trading on Kraken! Funding and trading Trading for EIGEN is live as of 04:00 AM UTC today, October 1, 2024. To add an asset to your Kraken account, navigate to Funding, select the asset you’re after, and
Read More
How to Build Your Confidence as a Leader thumbnail

How to Build Your Confidence as a Leader

By Stephanie Wells, founder of Formidable Forms, a drag-and-drop form builder for WordPress that empowers freelancers to create form-based solutions.As a leader, having confidence is a must. It enables you to grab an audience's attention, build healthy relationships with customers, and grow a successful, thriving business. But what if you struggle with self-confidence as a leader? When you…
Read More
Index Of News
Total
0
Share