Sunday, August 1, 2010

ATM hacked to make it spew cash

A hacker has discovered a way to force ATMs to disgorge their cash by hijacking the computers inside them.

The attacks targeted standalone ATMs.

But they could potentially be used against the ATMs operated by mainstream banks.

Criminals have long known that ATMs aren't tamperproof.

There are many types of attacks in use today, ranging from sophisticated to foolhardy: installing fake card readers to steal card numbers, hiding tiny surveillance cameras to capture PIN codes, covering the dispensing slot to intercept money and even hauling the ATMs away with trucks in hopes of cracking them open later.

Computer hacker Barnaby Jack spent two years tinkering in his Silicon Valley apartment with ATMs he bought online.

These were standalone machines, the type seen in front of convenience stores, rather than the ones in bank branches.

His goal was to find ways to take control of ATMs by exploiting weaknesses in the computers that run the machines.

Barnaby Jack demonstrates an attack on two automated teller machines

Barnaby Jack demonstrates an attack on two automated teller machines

He showed off his results in Las Vegas at the Black Hat conference, an annual gathering devoted to exposing the latest computer-security vulnerabilities.


Jack found that the physical keys that came with his machines were the same for all ATMs of that type made by that manufacturer.

He figured this out by ordering three ATMs from different manufacturers for a few thousand dollars each.

Then he compared the keys he got to pictures of other keys, found on the Internet.

He used his key to unlock a compartment in the ATM that had standard USB slots.

He then inserted a program he had written into one of them, commanding the ATM to dump its vaults.

Jack also hacked into ATMs by exploiting weaknesses in the way ATM makers communicate with the machines over the Internet.

Jack said the problem is that outsiders are permitted to bypass the need for a password.

The remote style of attack is more dangerous because an attacker doesn't need to open up the ATMs.

It allows an attacker to gain full control of the ATMs. - AP

Published August 1 2010


Source and credit : http://www.dailychilli.com/news/5410-atm-hacked-to-make-it-spew-cash

No comments: