"Widely Used Bitcoin ATMs Have Major Security Flaws, Researchers Warn"

According to a new report from security researchers with the crypto exchange Kraken, many of the Bitcoin ATMs placed at gas stations, bars, malls, and more, across the U.S. contain security vulnerabilities, leaving them open to hacking. The number of active Bitcoin ATMs in the U.S. is estimated to be more than 42,000, which is a significant increase from January 2021, when it was reported that there were 28,000. These ATMs allow users to purchase cryptocurrency with cash or credit, as well as process sensitive financial data. The researchers found several software and hardware flaws in the General Bytes BATMtwo (GBBATM2) model of Bitcoin ATMs. It is estimated that the manufacturer has provided almost 23 percent of all Bitcoin ATMs globally. Many GBBATM2 units were installed without the owners changing the default admin QR code that serves as a password. Therefore, anyone who obtains the code could take control of the ATM. Kraken's researchers have stressed the seriousness of the QR code issue since they discovered that the default code is shared across units. They purchased multiple ATMs from different sources and found that each had the same default key configuration. No fleet management was found for admin QR codes, emphasizing the need to manually update those critical passwords on each unit. The Android OS running on the GBBATM2 was also found to lack basic security features, such as locking down the full Android UI. They discovered that it is possible to gain access to the full Android UI by attaching a USB keyboard to the BATM, thus potentially allowing malicious actors to install applications, copy files, and more. Other serious flaws reported by the researchers include a failure to enable the secure-boot functionality or lock the bootloader. This article continues to discuss the security flaws found in the GBBATM2 model of Bitcoin ATMs. 

Gizmodo reports "Widely Used Bitcoin ATMs Have Major Security Flaws, Researchers Warn"