Vulnerability Management

Researcher finds 9 vulnerabilities in ATM security software

Coverage from Dark Reading indicates that a researcher has discovered nine vulnerabilities in the CryptWare CryptoPro Secure Disk software, a full-disk encryption solution used in corporate environments and by ATM manufacturers. While the existence of the vulnerabilities is not disputed, there is disagreement between the researcher and Diebold Nixdorf, a major ATM manufacturer, regarding their potential impact on the ability to steal cash from ATMs.

Matt Burch, a principal security researcher at Atredis Partners, will present his findings on CryptoPro Secure Disk at Black Hat USA 2026. The vulnerabilities lie in how the software handles pre-boot decryption and stores its own sensitive information. Specifically, Burch found that in certain fail states, the software could mount volumes in plaintext, and that key material and configuration values were stored on the disk itself. This, combined with a superficial check for LUKS encryption, could allow an attacker to trick the system into mounting the disk in plaintext. Additionally, the software's Secure Boot setup could allow an attacker to run an arbitrary Linux environment on an ATM. Burch demonstrated that these issues could allow an attacker to execute their own code during pre-boot, recover decryption keys, and potentially steal cash using jackpotting techniques.

Diebold Nixdorf has stated that the findings are not directly applicable to their systems, though they acknowledge using some components of CryptoPro in their Vynamic Security Suite. They maintain that the vulnerabilities pose little to no additional risk to their ATMs in a real-world environment, although they conceded that two vulnerabilities are theoretically applicable under certain conditions. Diebold appears to have addressed these issues in a December 2025 update. CryptoPro Secure Disk is used by numerous organizations globally, highlighting the importance of securing cryptographic secrets.

Source: Dark Reading

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds