Bank of America recently discovered that one of its employees had planted malware on some ATMs and had stolen a little over $300,000. Two very obvious countermeasures come to mind – use embedded devices instead of COTS, and whitelisting. There is really no reason that arbitrary code should be run on an ATM, and therefore there’s no reason to allow it.

Tags: ATM, crime, embedded device

This entry was posted on Thursday, April 15th, 2010 at 12:39 pm and is filed under random thoughts. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.