Thu, Mar 2, 2017 | updated 12:01 AM IST

Kaspersky Lab to examine future threats to ATMs with 'Biometric skimmers'

Updated: Sep 23, 2016 13:57 IST

New Delhi [India], Sep 23 (ANI): Kaspersky Lab experts have investigated how cybercriminals could exploit new ATM authentication technologies planned by banks.

While many financial organizations consider biometric-based solutions to be one of the most promising additions to current authentication methods, if not a complete replacement for them cyber criminals see biometrics as a new opportunity to steal sensitive information.

ATMs have for years been in the sights of fraudsters hunting credit card data. It all started with primitive skimmers homemade devices attached to an ATM, capable of stealing information from the card's magnetic strip and pin-code with help of a fake ATM pin pad or a web camera.

Over time, the design of such devices was improved to make them less visible. With the implementation of much harder but not impossible to clone chip-and-pin payment cards the devices evolved into so-called 'shimmers': largely the same, but able to gather information from the card's chip, giving sufficient information to conduct an online relay attack.

The banking industry is responding with new authentication solutions, some of which are based on biometrics.

According to a Kaspersky Lab investigation into underground cybercrime, there are already at least twelve sellers offering skimmers capable of stealing victims' fingerprints. And at least three underground sellers are already researching devices that could illegally obtain data from palm vein and iris recognition systems.

The first wave of biometric skimmers was observed in 'presale testing' in September 2015. Evidence collected by Kaspersky Lab researchers reveals that during the initial testing, developers discovered several bugs.

However, the main problem was the use of GSM modules for biometric data transfer - they were too slow to transfer the large volume of data obtained. As a result, new versions of skimmers will use other, faster data transfer technologies.

There are also signs of ongoing discussions in underground communities regarding the development of mobile applications based on placing masks over a human face.

With such an app, attackers can take a person's photo posted on social media and use it to fool a facial recognition system.

The problem with biometrics is that, unlike passwords or pin codes which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image. Thus if your data is compromised once, it won't be safe to use that authentication method again.

That is why it is extremely important to keep such data secure and transmit it in a secure way. Biometric data is also recorded in modern passports called e-passports and visas. So, if an attacker steals an e-passport, they don't just possess the document, but also that person's biometric data. They have stolen a person's identity, said Olga Kochetova, security expert at Kaspersky Lab.

The use of tools capable of compromising biometric data is not the only potential cyber threat facing ATMs, according to the Kaspersky Lab researchers. Hackers will continue to conduct malware-based attacks, black-box attacks and network attacks to seize data that can later be used to steal money from banks and its customers.

Read the full threat overview report about upcoming cyber threats to cash machines, and measures that can be implemented in order to protect banks from these threats on Securelist.com. (ANI)

New Delhi [India], March 1 (ANI): Communications technology and services leader Ericsson successfully deployed an end-to-end OSS fulfillment suite for Reliance Jio Infocomm Ltd., the world's fastest-growing operator.

Full Story >>

New Delhi [India], Feb. 28 (ANI): Continuing to help organisations simplify cloud adoption by bringing the benefits of the cloud inside their own datacenters, Oracle today announced the expansion of the Oracle Cloud at Customer portfolio with the availability of Oracle Exadata Cloud Machine.

Full Story >>

New Delhi [India], Feb. 28 (ANI): In an attempt to further expand the 'Digital India' campaign, Samsung and Reliance Jio Infocomm Ltd have entered into a joint venture to launch the I&G (Infill and Growth) Project,designed to upgrade current LTE mobile communication services across India.

Full Story >>

New Delhi [India], Feb. 28 (ANI): China Mobile and Ericsson have established success in the ongoing trials being carried out of the cellular IoT-based Connected Factory.

Full Story >>

New Delhi [India], Feb.27 (ANI): A national project to build capacity among law enforcement agencies (LEAs) on cyber security has been developed by Observer Research Foundation in association with the Sardar Patel National Police University.

Full Story >>

New Delhi [India], Feb. 27 (ANI): Ericsson and T-Mobile US have worked together on a network evolution plan and optimisation path to continue to provide a superior user experience.

Full Story >>

New Delhi [India], Feb. 27 (ANI): Accenture is bringing to life the Accenture Innovation Architecture at Mobile World Congress to highlight the company's innovation-led approach for helping clients develop and deliver disruptive innovations, and to scale them faster.

Full Story >>

New Delhi [India], Feb 27 (ANI): Hewlett Packard Enterprise (HPE) at the Mobile World Congress 2017 announced that it is working with Tata Communications, a leading provider of a new world of communications™, to support the roll-out of India's first LoRaWAN™ (LoRa) based network.

Full Story >>

Osaka (Tokyo),[Japan] Feb 27 (ANI): Kyocera Corporation has announced the release of TORQUE® X01, a rugged feature phone for Japanese service provider KDDI Corporation.

Full Story >>

New Delhi [India], Feb. 26 (ANI): Rocking Deals launched Trackstolen.in, a free medium to spread awareness about stolen or theft devices. A website to enable users to register his/her device to secure it from getting stolen, this eases the process of buying and selling second-hand phones.

Full Story >>

New Delhi [India], Feb. 25 (ANI): The wholly-owned subsidiary of Mahindra and Mahindra, Mahindra Agri Solutions (MASL) has announced an advisory platform for farmers in the form of a mobile app, 'MyAgriGuru'.

Full Story >>

New Delhi [India], Feb 24 (ANI): Almost half of all phishing attacks (fraudulent email messages or copycat websites that appear legitimate) registered in 2016 by Kaspersky Lab's heuristic detection technologies, were aimed at stealing their victim's money, according to an analysis of the financial threat landscape by Kaspersky Lab the company's experts.

Full Story >>

WhatsApp's new 'status' feature goes live

Updated: Feb 24, 2017 12:25 IST

New Delhi [India], Feb. 24 (ANI): WhatsApp's on Friday rolled out its new feature 'Status' live across Android, iOS and Windows software wherein the users can upload pictures and videos for their contacts to see, instead of regular text status message.

Full Story >>

New Delhi [India], Feb 24 (ANI): World's leading information technology (IT) association CompTIA has unveiled a groundbreaking, vendor-neutral certification, CompTIA Cyber security Analyst (CSA+), the first of its kind to bring behavioral analytics to the forefront of assessing cyber threats.

Full Story >>

New Delhi [India], Feb. 24 (ANI): Verizon and Ericsson enabled an operational shift of 5G network from technology trials to pre-commercial pilots in the field in multiple cities across United States of America.

Full Story >>

Amsterdam [Netherlands]/Tokyo [Japan], Feb.23 (ANI): ISE 2017, the largest audio-visual and systems integration show, was held recently in Netherlands.

Full Story >>

New Delhi [India], Feb. 23 (ANI): Google has always made sure to celebrate every special affair around the globe.

Full Story >>

Mumbai (Maharashtra) [India], Feb. 22 (ANI): Microsoft's Chief Executive Officer (CEO) Satya Nadella on Wednesday announced the launch of a new skilling tool called 'Project Sangam' for Indian citizens.

Full Story >>

New Delhi [India], Feb 22 (ANI): According to Kaspersky Lab "Spam and phishing in 2016"report, about 20 percent of all spam emails in Q4 2016distributed ransomware Trojans. The Kaspersky Lab spam report also identified the following trends in 2016

Full Story >>

HP launches OMEN gaming portfolio in India

Updated: Feb 22, 2017 15:32 IST

New Delhi [India], Feb. 22 (ANI): HP Inc. launched the debut of its gaming portfolio in India - OMEN by HP, featuring an array of products built for gamers combining the latest in PC innovation, delivering power and performance to dominate competition.

Full Story >>