Researchers at New York-based Red Balloon Security identified two vulnerabilities in retail cash machines manufactured by Nautilus Hyosung America, the companies said in a joint press release on Monday (Nov. 11).
There are no reported instances of hackers taking advantage of the vulnerabilities, which could give hackers access to customers’ cash and data from the ATMs (automated teller machines). Following the discovery of the weaknesses, Nautilus Hyosung America partnered with Red Balloon Security to strengthen the security of its ATMs in the retail marketplace.
The researchers — Brenda So and Trey Keown — said the flaws only affected retail versions of Nautilus ATMs, not ones used in financial institutions. According to an estimate by Red Balloon Security, more than 80,000 machines are vulnerable. Nautilus has more than 150,000 installed ATMs in the U.S.
Nautilus Hyosung America is a subsidiary of closely held conglomerate Hyosung Corp., based in South Korea. The security flaws only exist in ATMs developed and distributed by the U.S. subsidiary.
“We commend Nautilus Hyosung America for its fast and diligent response to these disclosures, and for taking the appropriate steps to fix these problems,” said Dr. Ang Cui, CEO of Red Balloon Security. “If left unaddressed, the vulnerabilities we discovered could have created a potential for exploitation. We look forward to a continuing relationship with Nautilus Hyosung of America to guard against any potential vulnerabilities of their products.”
Firmware security updates have already been released to mitigate possible threats. The company said it notified all of its commercial customers to immediately update their ATMs with these patches.
Since entering the North American market in 1998, Nautilus has become the largest provider of ATMs in the U.S.
Founded in 2011, Red Balloon Security is a cybersecurity provider and research firm that specializes in the protection of embedded devices across all industries.
As banking services continue to advance, ATMs promise to play an even bigger role in the digitally integrated ecosystems of the modern financial services industry.