Kraken Security Labs has said that a “large number” of Bitcoin ATMs are vulnerable to hacking as the administrators never changed the default admin QR code.
In a Sept. 29 blog post, Kraken posted research from its Security Labs team which found that there are “multiple hardware and software vulnerabilities” in the General Bytes BATMTwo ATM range.
“Multiple attack vectors were found through the default administrative QR code, the Android operating software, the ATM management system and even the hardware case of the machine,” the post read.
Kraken’s security team stated that if a hacker gets their hands on the administrative code, they can essentially “walk up to an ATM and compromise it,” while also highlighting issues with the BATMtwo’s lack of secure boot mechanisms, as well as “critical vulnerabilities” in the ATM’s management system. However, General Bytes has reportedly already alerted ATM owners to the vulnerabilities:
“Kraken Security Labs reported the vulnerabilities to General Bytes on April 20, 2021,