Security & Fraud

Security Firm Hired To Fix Flaws In Nautilus Cash Machines

man at ATM

Researchers at New York-based Red Balloon Security identified two vulnerabilities in retail cash machines manufactured by Nautilus Hyosung America, the companies said in a joint press release on Monday (Nov. 11).

There are no reported instances of hackers taking advantage of the vulnerabilities, which could give hackers access to customers’ cash and data from the ATMs (automated teller machines). Following the discovery of the weaknesses, Nautilus Hyosung America partnered with Red Balloon Security to strengthen the security of its ATMs in the retail marketplace.

The researchers — Brenda So and Trey Keown — said the flaws only affected retail versions of Nautilus ATMs, not ones used in financial institutions. According to an estimate by Red Balloon Security, more than 80,000 machines are vulnerable. Nautilus has more than 150,000 installed ATMs in the U.S.

Nautilus Hyosung America is a subsidiary of closely held conglomerate Hyosung Corp., based in South Korea. The security flaws only exist in ATMs developed and distributed by the U.S. subsidiary.

“We commend Nautilus Hyosung America for its fast and diligent response to these disclosures, and for taking the appropriate steps to fix these problems,” said Dr. Ang Cui, CEO of Red Balloon Security. “If left unaddressed, the vulnerabilities we discovered could have created a potential for exploitation. We look forward to a continuing relationship with Nautilus Hyosung of America to guard against any potential vulnerabilities of their products.”

Firmware security updates were already launched to mitigate possible threats. The company said it notified all of its commercial customers to immediately update their ATMs with these patches.

Since entering the North American market in 1998, Nautilus has become the largest provider of ATMs in the U.S.

Founded in 2011, Red Balloon Security is a cybersecurity provider and research firm that specializes in the protection of embedded devices across all industries. 

As banking services continue to advance, ATMs promise to take even bigger roles in the digitally-integrated ecosystems of the modern financial services industry.

——————————–

Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.

TRENDING RIGHT NOW