Case Financial wants to bring an important security alert to your attention. We have become aware of Direct Memory Access (DMA) attacks on ATMs, as well as a procedure for deterring these attacks. Our partner, NCR Atleos, recently released the statement below regarding protecting your fleet. Please review it carefully for your next steps.
Please be advised that NCR Atleos is updating guidance in relation to the PCIe expansion bus present in the motherboards of some NCR Atleos cores and M.2 slots used in other NCR Atleos cores. We are now advising that the PCIe expansion bus must be disabled to prevent possible logical attacks, specifically Direct Memory Access (DMA) attacks. Additionally, M.2 ports used in other cores must be turned off if not in use.
In the Estoril, Skylake, and Kabylake NCR Atleos core environments, the capability exists to plug in PCIe cards for additional functions. NCR Atleos is advising that an attacker with physical access to the PCIe bus (utilized for plug-in cards) has the potential to perform a DMA attack to add malware into memory or scrape data. NCR Atleos are therefore updating our guidance as stated below:
• The PCIe bus must be disabled
• We do not advise the usage of additional PCIe cards
• Newly released BIOS versions should be utilized to disable the PCIe bus
• Where PCIe cards are still being utilized, we recommend pursuing a migration path to a solution that utilizes more modern, secure technology such as USB, and then disable the PCIe interfaces
For the NCR Atleos Cometlake core environment, PCIe slots have been removed, but M.2 ports are present for usage with SSD storage devices and can also represent a DMA attack risk. Please be advised of the below:
• Protection against DMA attacks is enabled by default if NCR Atleos OEM image is in use on the Cometlake core
• If NCR Atleos OEM image is not currently in use, Kernel DMA protection should be switched on within Windows settings
• If M.2 ports are not being used, NCR Atleos advise that M.2 ports must be disabled through utilization of a new version of NCR Atleos BIOS
NCR Atleos strongly recommends that FULL logical protection is applied as per the latest NCR Atleos Logical security whitepaper to ensure layered protection against different attacks. Updating to the new versions of BIOS for supported NCR Atleos Cores is part of this holistic defence.
If your financial institution is a RemoteView client, Case Financial will be automatically pushing these updates in the coming weeks.
If your financial institution is not a RemoteView client, please contact us regarding making these updates in person. If you would like more information on RemoteView, please visit https://casefi.com/financial-products/atm-solutions/.
Thank you for your attention to this matter and please reach out to Case Financial with any questions at 877.728.9627.
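For Cometlake cores that are not running the NCR Atleos OEM image, the statement above asks that Kernel DMA Protection be on. The following PowerShell check is an added example, not code from Case Financial or NCR Atleos; it reads the same state that msinfo32 shows in its "Kernel DMA Protection" row. The names DmaGuard and Get-KernelDmaProtectionState are illustrative, and it assumes a Windows build that supports the SystemDmaGuardPolicyInformation query (class 202).

```powershell
# Added example: report whether Kernel DMA Protection is active on this host.
# Uses NtQuerySystemInformation with class 202 (SystemDmaGuardPolicyInformation),
# which returns a single BOOLEAN: DmaGuardPolicyEnabled.
$source = @"
using System;
using System.Runtime.InteropServices;

public static class DmaGuard   // illustrative name
{
    private const int SystemDmaGuardPolicyInformation = 202;

    [DllImport("ntdll.dll")]
    private static extern int NtQuerySystemInformation(
        int infoClass, IntPtr buffer, int length, out int returnLength);

    // Returns 1 = enabled, 0 = disabled, -1 = query failed (e.g. unsupported OS build).
    public static int Query()
    {
        IntPtr buffer = Marshal.AllocHGlobal(1);
        try
        {
            int returned;
            int status = NtQuerySystemInformation(
                SystemDmaGuardPolicyInformation, buffer, 1, out returned);
            if (status != 0 || returned != 1) { return -1; }
            return Marshal.ReadByte(buffer) != 0 ? 1 : 0;
        }
        finally
        {
            Marshal.FreeHGlobal(buffer);
        }
    }
}
"@
Add-Type -TypeDefinition $source

function Get-KernelDmaProtectionState {
    switch ([DmaGuard]::Query()) {
        1       { 'Enabled' }
        0       { 'Disabled' }
        default { 'Unknown' }   # treat as not protected until confirmed
    }
}

$state = Get-KernelDmaProtectionState
Write-Output "Kernel DMA Protection: $state"
# Non-zero exit lets fleet management tooling flag the terminal for follow-up.
if ($state -ne 'Enabled') { exit 1 }
```

Run it as a script file rather than pasting it into an interactive session, since the final `exit 1` closes the calling shell when the state is not Enabled.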