0

Flaws In The Design Of Some Atms Make Them Vulnerable To Hackers Looking For A Payout.

Started by Roco, Jul 03 2010 04:24 PM

You cannot reply to this topic

1 reply to this topic

#1 Roco

TMN Sr. Veteran

News Anchor
3,361 posts

Location: U.K. aka. Great Britain

Posted 03 July 2010 - 04:24 PM

Flaws in the design of some ATMs make them vulnerable to hackers looking for a payout.
By Reuters, 28 Jun 2010 at 08:27
Security experts will demonstrate ways to empty a cash machine of its contents, at the Black Hat security conference this week.

Barnaby Jack, head of research at security firm IOActive Labs, a Seattle-based security firm, will demonstrate methods for "jackpotting" ATMs at the event.

Jack declined to discuss his techniques before the conference. But "ATMs are not as secure as we would like them to be," conference founder Jeff Moss told Reuters, ahead of the event.

"Barnaby has a number of different attacks that make all the money come out."

Banks may fear that criminals will adopt Jack’s methods. But Moss said that going public will raise awareness of the problem among ATM operators and prompt them to tighten security.

One potential route of attack is via communications ports that are sometimes accessible from outside an ATM, Moss said.

"You want everybody to know there are possible ways to jackpot these machines, so they will go and get their machines updated," he said.

Joe Grand, a hardware security expert, said he was not surprised to learn of Jack's research.

"People are starting to realize that hardware products do have security vulnerabilities. Parking meters, ATMs, everything that has electronics in it can be broken," Grand said. "A lot of times a hardware product is just a computer in a different shell."

http://www.itpro.co....-of-jackpotting

Upon this gifted age, in its dark hour,
Rains from the sky a meteoric shower
Of facts... they lie unquestioned, uncombined.
Wisdom enough to leech us of our ill
Is daily spun; but there exists no loom
To weave it into fabric.
— Edna St. Vincent Millay---

Back to top

#2 zalternate

I'm a Quitter

Members
1,514 posts

Location: British Columbia. Viewing the craziness of the World with just the Facts

Posted 03 July 2010 - 09:48 PM

Flaw is called Windows.
Or what happens when you don't make a dedicated OS program for the ATM without the extra Windows crap.

http://www.engadget....d-gets-painted/

Quote

Although we wouldn't expect to find the latest release of Photoshop on your neighborhood ATM, it's not so far fetched to think that Paint would be left on a Windows-based ATM. We've seen a recent boost in cash machine hacking of late, and while this latest attempt doesn't siphon illegal coinage out of the slot, it does make for quite a laugh. Joining the pitiful array of other Windows-powered mishaps, a sharp cameraphone-toting individual spotted a local ATM that had a beautifully hand-crafted Paint message on the front screen in place of the typical "Insert your card to begin transaction," and while we've already said too much about a picture that speaks a million words, be sure to click on through to see how accessing an ATM's start menu can lead to all sorts of mischievous mayhem.

Attached Thumbnails

<a href="http://www.bccla.org">British Columbia Civil Liberties Association / www.bccla.org</a>
<a href="http://www.aclu.org">American Civil Liberties Union / www.aclu.org</a>
.A quote from Benjamin Franklin: "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
<a href="http://www.eff.org/">Electronic Frontier Foundation / www.eff.org</a>
<BR /> <A HREF="http://www.eff.org/br"> <IMG SRC="http://www.eff.org/br/brstrip.gif"> </A> </DIV> <BR />