A commonly used model of bitcoin ATMs has several software and hardware vulnerabilities, Kraken Security Labs revealed in a blog post yesterday.
- The security team notified the manufacturer, General Bytes, on April 20 of the attack vectors. General Bytes has released patches for the back-end system, but some fixes may require hardware revisions, Kraken said.
- Bitcoin ATMs allow users to buy bitcoin using fiat currency. General Bytes is the second-largest manufacturer of Bitcoin ATMs, representing 22.7% of the global market, according to information provider Coin ATM Radar.
- The model in question, the BATMtwo (GBBATM2), had several vulnerabilities, according to Kraken, including a default administrative QR code, the underlying Android operating software, the ATM’s management system and the machine’s hardware case.