Two lines of defense prevent unauthorized software from making its way onto Triton ATMs.
Both lines of defense use the same technique, namely the ATM verifies that the software has been digitally signed by Triton using Triton’s private key. If the digital signature is incorrect, then the ATM does not accept the software. This ensures that only legitimate software, authorized by Triton, can run on the ATM.
- Before a software update is installed, the ATM verifies the load file’s signature, and only proceeds with the installation if the signature is correct.
- The ATM uses the Microsoft Windows CE operating system’s Trusted Environment which verifies the signature of every program before it is allowed to run.
An attacker cannot generate a correct signature, because only Triton holds Triton’s private key. Thus, malware cannot be imported into the ATM because the encapsulating load file’s signature would be incorrect. Malware cannot run on the ATM because Windows CE’s Trusted Environment would not execute a program whose signature is incorrect.