Juniper keeps mum on ATM flaws Print
Written by Rebecca Mints   
Saturday, 11 July 2009 09:08

Several vulnerabilities in Automated Teller Machines were found by security researchers of networking giant Juniper. A presentation had been prepared by the researchers to discuss these vulnerabilities at the Black Hat Security Conference scheduled end of July and many are looking forward to this big revelation.

But Juniper has opted to be extra-careful with the issue and cancelled the presentation this early.

"The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and - ultimately - the public," said a statement signed by Juniper's social media relations officer Brendan P. Lewis.

Lewis said they made a decision to cancel the presentation after weighing its potential impact on the involved vendor as well as their clients.

"To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen."

Lewis said they will allow the involved vendor to fix the flaws before they publicly disclose them. These flaws includes what has been described by researcher Barnaby Jack as vulnerabilities that will expose the ATM to malicious software and make it an open target.
Jack earlier said the presentation will "retrace the steps I took to interface with, analyze and find a vulnerability in a line of popular new model ATM."

Last year, cash machines maintained by Diebold ATM devices were found to have a security breach. This was discovered by Sophos which said that at the time of announcement last March 2008, mitigation measures were already in place.