Automated Teller Machines (ATMs) are generally believed to be relatively secure devices, since they handle consumer financial transactions. However, ATMs are susceptible to malware, viruses, and eavesdropping just like any other device having memory and processor capabilities.
One resource that is particularly valuable to the ATM is the Basic Input/Output System (BIOS), which is utilized to boot the ATM, set resource configurations, and the like. Unauthorized access to the BIOS can create substantial security breaches at the ATM.
However, an ATM is often serviced on site by a service (field) engineer for purposes of diagnostic testing, software upgrades, peripheral replacements, and the like. Because ATM security is an issue, more and more security enhancements on the ATM require that the BIOS be password protected, such that the ATM can only boot from the main hard drive with a known password for the ATM's BIOS.
This makes it difficult for field engineers to use bootable diagnostic compact discs (CDs), such as a bootable system application, to analyze problems on a faulty ATM. For example, the ATM's existing system application on the hard drive may be replaced, for diagnostic testing, by one loaded from a CD during boot of the BIOS; such a situation cannot occur when the BIOS only permits password booting from the main hard drive of the ATM. Moreover, a particular fault may require the field engineer to access the BIOS, which means that the field engineer has to have the ATM BIOS password to effectively service the ATM.
Managing passwords for ATMs is problematic because the BIOS password for each ATM should be unique and/or changed frequently to meet minimal security requirements and, perhaps, government compliance regulations. As stated above, field engineers may require access to the BIOS in order to diagnose and fix issues with the ATMs. But giving the field engineer a BIOS password presents a significant security risk, as the engineer may lose or actively give away the BIOS password to someone unauthorized to have it, thereby giving hackers access to the BIOS on the ATM. The engineer may also take actions while working on the ATM that make the BIOS less secure.
Therefore, there is a need for improved BIOS credential management.