[ISN] Security researcher demonstrates ATM hacking
InfoSec News
alerts at infosecnews.org
Thu Jul 29 04:02:51 CDT 2010
http://news.cnet.com/8301-1009_3-20012019-83.html
By Declan McCullagh
CNet News
Security
July 28, 2010
LAS VEGAS -- Hacking into an ATM isn't impossible, a security researcher
showed Wednesday. With the right software, it's actually pretty easy.
Barnaby Jack, director of security testing at Seattle-based IOActive,
hauled two ATMs onto the Black Hat conference stage and demonstrated to
a rapt audience the fond daydream of teenage hackers everywhere:
pressing a button and having an automated teller machine spew out its
cash until a pile of paper lay on the ground.
"I hope to change the way people look at devices that from the outside
are seemingly impenetrable," said Jack, a New Zealand native who lives
in the San Jose area. One vulnerability he demonstrated even allows a
hacker to connect to the ATM through a telephone modem and, without
knowing a password, instantly force it to disgorge its entire supply of
cash.
Jack said he bought the pair of standalone ATMs--one manufactured by
Tranax Technologies and the other by Triton--over the Internet and then
spent years poring over the code. The vulnerabilities and programming
errors he unearthed during that process, Jack said, let him gain
complete access to those machines and learn techniques that can be used
to open the built-in safes of many others made by the same companies.
[...]
More information about the ISN
mailing list