In a recent blog post, Kraken’s Security Labs team reported vulnerabilities in the General Bytes BATMTwo ATMs. The QR admin codes have never been changed by the administration, making a huge amount of BTC vulnerable.
Attack vectors were found in those QR codes, in the ATM management system, in the hardware case, and in the Android OS. Skilled hackers could misuse the administrative code for their own benefit if they manage to get their hands on it. Such vulnerabilities must not be allowed in BATMTwo ATMs because large funds are at stake.
General Bytes immediately warned owners about the vulnerabilities noticed by Kraken’s Security Labs. The latter also found that it is relatively easy to steal data on the ATMs by simply attaching a USB keyboard behind the ATMs and then installing malicious applications or copying personal information.
This could pose a risk to a large range of users, since General Bytes ATM is one of the leading entities in the field. Their headquarters are in the Czech Republic, but they have more than 6,000 ATMs worldwide, which is around 22.7% of the total market, second after Genesis Coin, which has 41.2%. Most of these ATMs are installed in North America, with a smaller portion in Europe.
Kraken has identified ways that this issue could be solved. The QR admin codes need to be changed, the CAS server needs to be updated, and ATMs must be placed in secured locations that are under camera surveillance.
Such actions are important because there have been various scenarios where people were scammed through Bitcoin ATMs.