Lamassu Industries announced that it has fixed a vulnerability that gave hackers remote access to the interface and control of cryptocurrency ATMs.
The vulnerability became known in 2023, when cybersecurity specialists at IOActive conducted a technical experiment in which they broke into the security systems of crypto ATMs produced by Lamassu Industries. During the experiment, the research team identified several critical vulnerabilities and successfully exploited them to gain remote access to interface management.
IOActive CTO Gunter Ollmann said that the exploit made it possible to view, intercept and redirect confidential transaction information while users were carrying out operations. It also made it possible to manipulate user actions by replacing the interface of a crypto ATM in order to obtain all bank account data and steal assets.
With physical access to a crypto ATM, attackers could, in addition to stealing crypto assets, "deceive the device" and force it to dispense all of its cash or credit the account with a larger amount than was actually deposited.
Lamassu Industries announced that the vulnerability was fixed recently and that the software has been fixed and modified.
Earlier, it became known that an unknown group of hackers stole about 70,000 selfies and the confidential data of more than 300,000 clients of the Coin Cloud Bitcoin ATM network. This was stated by cybersecurity experts from the vx-underground group.