The Automated Teller Machine Industry Association (ATMIA – www.atmia.com), an international non-profit organisation, is about to publish its ‘Best Practice Manual’ to enhance the operational security of ATM software.
The document will focus attention on ATM software security because ATMIA sees evidence that criminals are targeting ATM software as a new frontier of fraud. Software reverse-engineering will be highlighted as one of the most dangerous threats.
Reverse-Engineering (RE) is the process of discovering the technological principles of a system through analysis of its structure, function and operation. In terms of software it can also be seen as “going backwards through the development cycle”. The purpose is to deduce design decisions from end products with little or no additional knowledge about the structure and algorithms of the investigated application.
Nowadays RE is an essential instrument in hackers’ hands to circumvent software systems for various purposes. Most of the modern well-known software security breaches were made using RE.
Unprotected applications can be easily reversed-engineered by even an intermediate level hacker. Once the RE process is complete the hacker understands how an application works and is able to bring new functionality or utilise the application for his own needs. This is the most dangerous threat as the ATM owner/operator may not discover the system penetration for some time. While everything is working normally the fact that the system has been cracked is hidden but the fraudster can launch the malware mechanism at any time.
While the industry is on the verge of new security recommendations StarForce Technologies (www.star-force.com), the leading vendor of software protection tools, offers professional anti reverse-engineering tools for ATM software vendors. Protecting applications installed on ATMs requires attention through the whole software lifecycle, starting with the development phase and continuing during patching of already installed programs.
StarForce offers a full set of tools and services for every stage of application development.
StarForce tools transform executable code into StarForce virtual machine instructions, making analysis and modification of the software code considerably more difficult for any hacker.
The following anti reverse-engineering technologies are utilized:
• Obfuscation
• Program code virtualization
• Protection against debuggers
• Self checks of integrity
• Protection against modifications of application
According to an ATMIA survey, Microsoft Windows covers 84 per cent of all ATM operational systems. As a Microsoft Certified and Technological Partner StarForce has worked with the Windows platform since 1998 and protected many thousands of applications in various industry sectors.
About ATMIA
The ATM Industry Association is a global non-profit trade association with over 2,200 members in 60 countries. Its mission is to promote ATM convenience, growth and usage worldwide, protect the ATM industry’s assets, interests, good name and public trust; and provide education, best practices, political voice and networking opportunities for member organizations.
About StarForce Technologies
The StarForce company has the ultimate expertise in software development and digital content protection from copying, hacking and unauthorized use. For more than 10 years we have been successfully developing and implementing our state-of-the-art software solutions providing copyright and intellectual property protection worldwide.
Based in Russia, StarForce has representative sales offices in Russia, France, Germany and China. For many years it has been the leading security software developer for the Russian multimedia market which is infamous for its rampant software piracy.
www.star-force.com
