Vulnerabilities discovered in General Bytes’ Bitcoin ATMs

The Kraken Security Labs team has discovered and disclosed several vulnerabilities affecting a particular model of Bitcoin ATM, the BATMtwo (GBBATM2) distributed by General Bytes. After reporting them privately to the manufacturer in April, the team has written about them publicly in recent days.

Flaws in devices that convert money to BTC

For those who are not familiar with them, these are ATMs where, instead of withdrawing or depositing cash, it is possible to convert your money into a cryptocurrency, in this case Bitcoin. They are also found in Italy, especially in large cities such as Milan, Rome and Turin. Below is the video made by the researchers about the problems found.

For its part, General Bytes says it has intervened by releasing corrective updates, but some flaws may require physical replacement of hardware components.

The critical issues identified concern the installed software (based on the Android platform), the use of a standard QR code for access to administration privileges (which makes it easy for anyone to compromise the machine), the boot procedure, management and the external case. For all the technical details, please consult the Kraken blog post, via the link at the end of the article.

According to the Coin ATM Radar website, the manufacturer is the second largest globally by market share, holding 22.7% of the overall market, behind only Genesis Coin.

