Scworld
ATM Security Flaws Exposed: Nine Vulnerabilities in Crypto Software
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A researcher has identified nine vulnerabilities in the CryptWare CryptoPro Secure Disk software, which is used by ATM manufacturers and corporations. Matt Burch from Atredis Partners will present these findings at Black Hat USA 2026. The vulnerabilities involve pre-boot decryption flaws and insecure storage of sensitive information, potentially allowing attackers to execute code and steal cash through jackpotting techniques. Diebold Nixdorf, a major ATM manufacturer, disputes the impact of these vulnerabilities, claiming they pose little risk to their systems. However, they acknowledge that some components of CryptoPro are used in their security suite. The vulnerabilities highlight the need for improved security in ATM software, as over 700 jackpotting incidents were reported in 2025 alone, resulting in over $20 million stolen. The situation remains under scrutiny as the debate continues over the real-world applicability of the findings.
Key Points: • Nine vulnerabilities found in CryptWare CryptoPro Secure Disk software used in ATMs. • Diebold Nixdorf disputes the severity of the vulnerabilities, claiming minimal real-world risk. • Over 700 jackpotting incidents reported in 2025, emphasizing the need for enhanced ATM security.