Kraken Security Labs, a branch of the San Francisco-based cryptocurrency exchange giant, Kraken, recently identified critical security issues in a commonly used Bitcoin ATM.
General Bytes Bitcoin ATM Model Open to Vulnerability Exploit
In a blog post on Wednesday (September 30, 2021), Kraken Security Labs reported that the BATMtwo model by the second-largest cryptocurrency ATM manufacturer, General Bytes, has several hardware and software vulnerabilities. According to the report, the security risks enable hackers to easily take over the Bitcoin ATM.
In the course of the tests on the BATMtwo, Kraken Security Labs noticed that:
“Multiple attack vectors were found through the default administrative QR code, the Android operating software, the ATM management system and even the hardware case of the machine.”
Writing about the issues in detail, Kraken said that the administrative QR code was the same across most BATMtwo ATMs. This is risky, as a malicious actor can use the QR code to compromise the machine.
The BATMtwo’s Android operating system (OS) also had security deficiencies: Kraken noted that “Kiosk Mode,” which would lock the UI into a single application and thereby block access to other parts of the software, was not enabled on the General Bytes model.
According to Kraken’s findings, this vulnerability meant that anybody could attach a USB keyboard to the machine and “install applications, copy files or conduct other malicious activities.” Another flaw was the absence of alarms or compartmentalization, making it easy for an attacker to compromise every part of the Bitcoin ATM.
Meanwhile, Kraken Security Labs said that it notified General Bytes about the various security issues back on April 20. While the company seems to have taken some action, the blog post stated that fixing some issues may need “hardware revisions.”
The report also advised users to use the BATMtwo model at a trusted location, while calling on owners and operators to change the QR admin code, place ATMs in locations with surveillance cameras, and update the CAS server.
Bitcoin ATMs Continue to Expand Globally
There are currently over 28,000 crypto ATMs globally according to CoinATMradar, with 34 cryptocurrency ATM installations per day. The exponential growth of these kiosks means that more people are gaining access to Bitcoin and crypto.
Genesis Coin is the largest crypto ATM manufacturer, with over 11,500 of its machines installed worldwide, thereby controlling 41.2% of the market. General Bytes has installed 6,380 cryptocurrency ATMs, giving the company 22% of the manufacturer market. BitAccess comes third with over 3,500 ATMs, representing 12.5% of the market.
Meanwhile, the United States continues to hold the number one position in terms of the number of ATMs installed, which stands at 24,329 (86.5%). Canada comes second, recording over 1,800 crypto ATM installations. This makes North America the continent with the most installed ATMs, with close to 94% of global installations.