Communication Received from CDS May 14 2024.
CDS continues to place security at the top of our priority.
We have seen a couple of instances where a Man in the Middle (MitM) Attack has occurred on Genmega ATMs that are running on Genmega RMS. These attacks have occurred when an individual accesses Genmega RMS via the IP or wireless connection at the ATM allowing them to access the ATM and change withdrawal limits and IP address. This attack allows the transaction message to be intercepted and changed from a denied withdrawal to a successful withdrawal and dispense cash. Genmega has provided the following guidance to ensure your RMS is secure.
a. Customers without Genmega RMS are clear. They are not impacted.
b. Customer with RMS
i. Change the RMS Client password off default (on their RMS PC)
ii. Change the RMS password (RMS and ATM side) off default
Additionally make sure that all passwords at the terminal (Master, Operator, Service 1,2,3) have all been changed from default. To add another layer of security and reduce the risk of MitM attacks, we recommend enabling CDU binding, instructions are attached. Please contact your account manager if you have further questions.