Overview
Explore critical ATM security vulnerabilities in this DEF CON 32 conference talk that reveals six zero-day vulnerabilities discovered in Diebold Nixdorf's Vynamic Security Suite (VSS), the market's leading ATM security solution. Dive deep into the technical analysis of how malicious actors can gain complete system control in under 10 minutes through offline code injection and Windows OS decryption. Learn about the discovery process, exploitation techniques, and detailed examination of the Full Disk Encryption module's integrity validation workflow. Understand the widespread impact of these vulnerabilities across the financial, casino/gaming, and point-of-sale sectors, particularly affecting ATM systems in Las Vegas and globally. Gain valuable insights into proper mitigation techniques, vendor remediation steps, and defensive strategies against potential compromises, while examining how these vulnerabilities recursively impact all major VSS versions and represent an ongoing systemic risk.
Syllabus
DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption - Matt Burch
Taught by
DEFCONConference