Kraken Security Labs has flagged supposed vulnerabilities in a commonly used cryptocurrency ATM, covering both its hardware and software.
- Kraken said a number of attack vectors were found in the General Bytes BATMtwo (GBBATM2), through a default administrative QR code, the Android operating software, the ATM management system, and the hardware case of the machine.
- Kraken said a large number of ATMs were configured with the same default QR code, which would allow anyone with the code to compromise any ATM. It also found a lack of secure boot mechanisms, with vulnerabilities in ATM management.
- The firm also warned that the GBBATM2 has only a single compartment, protected by a single tubular lock, and that bypassing this lock would provide direct access to the full internals of the device.
- The ATM is said to have no local or server-side alarm to alert that its internal components are exposed, and a would-be attacker could compromise the cash box, as well as its embedded computer, webcam, and fingerprint reader.
Kraken has since recommended that users only use a BATMtwo at a location they trust.