General Bytes, a company that makes bitcoin ATMs, had its servers hijacked in a zero-day attack on Thursday, allowing hackers to make themselves default administrators and change settings to direct all payments to their wallet address.
General Bytes, which owns and manages 8,827 Bitcoin ATMs that are available in more than 120 countries, acknowledged the theft. Prague serves as both the company’s headquarters and the location of the ATM factory. ATM customers can buy or sell more than 40 coins.
The company quickly recommended that ATM operators upgrade their software. The amount of money taken and the number of affected ATMs have not been made public.
Following the hackers’ alterations, the company’s Crypto Application Server (CAS) software was updated on Thursday to version 20201208, exposing the vulnerability.
General Bytes claimed that multiple security assessments have been carried out since its founding in 2020, but none of them discovered this issue.
According to the blog post by General Bytes’ security advisory team, the hackers used a zero-day vulnerability to attack the company’s CAS and steal the money. The CAS server controls every aspect of the ATM’s operation, including how cryptocurrency is bought and sold on exchanges and which coins are accepted.
The business believes the hackers “scanned for vulnerable servers running on TCP ports 7777 or 443, including servers” hosted on General Bytes’ own cloud service. The hackers then changed the “buy” and “sell” settings on the CAS, adding themselves as a default admin with the username “Gb,” so that any cryptocurrency the Bitcoin ATM received would instead be transferred to the hackers’ wallet address:
“The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user.”
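The flaw class the advisory describes, a first-run installation endpoint that keeps accepting calls after setup, is shown below next to a guarded version. This is an added illustration, not General Bytes' code: `AdminStore`, the function names, and the one-time setup token are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class SetupClosed(Exception):
    """Raised when first-run setup is requested on an initialized server."""


class AdminStore:
    """In-memory stand-in for a server's admin table (constructed for this example)."""

    def __init__(self):
        self.admins = {}                            # username -> (salt, password hash)
        self.setup_token = secrets.token_hex(16)    # assumed: shown once on the local console

    def add(self, username, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.admins[username] = (salt, digest)


def create_first_admin_unguarded(store, username, password):
    # Flawed pattern: the installation call never checks server state,
    # so any later remote request adds another administrator.
    store.add(username, password)
    return True


def create_first_admin_guarded(store, username, password, token):
    # 1. First-run setup is valid only while no administrator exists.
    if store.admins:
        raise SetupClosed("server already initialized")
    # 2. Require the one-time token, compared in constant time.
    if store.setup_token is None or not hmac.compare_digest(token, store.setup_token):
        raise PermissionError("invalid setup token")
    store.add(username, password)
    store.setup_token = None                        # burn the token after use
    return True
```

Operators can apply the same idea during incident review: any administrator account that appeared after initial installation without a matching change record deserves investigation.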