ATM Security Testing

Daily Mail Features Torrid Networks on Rahul Gandhi’s Twitter Account Hacking
December 26, 2016
Red Team Assessment
January 6, 2017
In the past, skimming was one of the main causes for unauthorized ATM withdrawals. Cyber criminals are launching advanced attacks against the cash machines and its underlying infrastructure to be able to dispense cash without getting tracked. Cyber threats to the ATM machines have exponentially increased over the last few years. Torrid Networks provides specialized security testing services to offer comprehensive assessment of the ATM environment.

Our Methodology

  • Physical security of machine is challenged to assess its protection from physical attacks
  • Remotely exposed vulnerabilities are discovered by performing a penetration test
  • Configuration assessment is performed to determine inadequate configuration and security mechanisms
  • Security testing is performed against the application to test for adequate security controls
  • Architecture is reviewed to ensure ATM environment is secure by design


To perform end-to-end security testing of the ATM environment, we closely follow various standards, guidelines and guides to ensure comprehensive testing coverage for threats and best practices.






  • WASC


  • NIST


Architecture Review

Architecture of the ATM environment is evaluated to discover architecture level flaws. Architecture review is done by reviewing the available architecture documentation, policies, security controls and interviewing the associated stake holders to ensure a resilient ATM environment. Inter-connectivity of the networks, systems, process workflow, alerting and detection mechanism on physical tampering, incident response program, security guidelines and general security controls are evaluated at this stage.

Physical Security Review

ATM’s physical case is the first line of defense in which various components including computer, cash cassettes, cash dispenser and rest of the hardware is enclosed. Physical IO ports such as USB/serial are also abused to implant a malware into the ATM. Possibilities of escaping or "jail breaking” via IO ports, lock‐picking techniques, boot loader security, setting up rogue processing unit, internet connection hijacking and even protection from physical force or tampering is evaluated during this phase.

Network Security Testing

Network security testing identifies the network level vulnerabilities in the ATM system. ATM network is normally segregated from the bank network and ATM has to communicate with the back‐end server in order to process the transactions. By obtaining the IP address of the ATM host, a comprehensive port scan, vulnerability assessment and penetration testing is performed. This exercise may also include traffic capturing or replay, MITM attacks, etc. to determine insecure communication between the client‐server. Network security testing highlights the remotely exploitable vulnerabilities in the ATM host and connected host or devices.

Application Security Testing

In this phase, the application is tested for various flaws include insecure storage, logs, data files, registry and even in-memory data which can be utilized by malware to steal confidential data. Protection from reverse engineering, DLL hijacking, encryption strength both in storage and transit is also evaluated. Communication between the client‐server is intercepted and tampered to test the server side vulnerabilities. Traffic replay and protocol fuzzing is also performed to identify insecure protocol implementation which could be utilized by the attacker to take over the ATM machines or the back-end network.

Configuration Review

Configuration audit, also referred as whitebox testing, evaluates the security flaws which are sometime not remotely discoverable but could still cause serious security implications. With this exercise, hidden security problems in the ATM environment can be uncovered and mitigated to ensure a secure environment. To conduct configuration audit, access to the operating system with higher privileges, service components, configuration files, etc. is requested from the organization under assessment.

Learn More

Contact us today to learn more about our specialized ATM security testing services