Dangerous Vulnerability Was Revealed in US Bitcoin ATMs
Kraken Security Labs has revealed that most Bitcoin ATMs are vulnerable to hacking because the default admin QR code has never been changed.
The firm announced in a blog post that its team had conducted research during which it found multiple vulnerabilities in the hardware and software of the General Bytes BATMTwo ATM.
“Many avenues have been identified for possible attacks using the default administrative QR code, Android operating software, ATM management system, and even the machine’s hardware enclosure,” the message says.
The Kraken security team said that if hackers obtain the administrative code, they will be able to hack any of the vulnerable ATMs.
General Bytes has already warned ATM owners about the vulnerabilities identified by Kraken Security Labs; however, complete elimination of the problems may require additional hardware modification.
The Kraken Security team also discovered that it was able to gain full access to the Android operating system behind the BATMTwo ATM simply by plugging a USB keyboard into the machine, and warned that anyone could install apps, copy files, or perform other malicious activities.
According to Coin ATM Radar, there are currently 6,391 General Bytes ATMs installed worldwide, accounting for 22.7% of the global market. However, these numbers also include BATMThree machines, which Kraken did not report on.
The majority of BATM ATMs are located in the USA and Canada, where their combined number is about 5,300, while there are about 824 ATMs in Europe.