The Inquirer-Home

Black Hat: How to make ATMs spew money

A bit like John Connor in Terminator 2
Thu Jul 29 2010, 15:05

A USB STICK holding some standard keys purchased on the Internet was able to override an ATM's firmware and cause it to spew fake million dollar bills at Black Hat 2010.

Security researcher Barnaby Jack demonstrated that attack and another on the conference's first day. Most ATMs use Windows CE or a cut-down version of Windows XP, but Jack used a cloned version of the machines' firmware to carry out the attacks.

In the second attack, Jack used the ATM's remote updating capabilities to upload code that not only caused it to empty itself but also kept a record of the cards used and their PINs.

However, both hacks have now been countered by companies and, in the case of the second hack, firmware updates now require a digital signature before they can be installed on ATMs.

Jack, the head of research at cybersecurity consultancy IOActive, said, "Every ATM I've looked at I've found a game-over vulnerability that allows me to get cash. So far I've looked at four and running four for four at the moment."

Jack was due to give his presentation at last year's Black Hat conference but was stopped by legal action because fixes for the problems weren't available. µ

Comments
fail

and just where on a bank machine do you insert a USB stick?

this sounds implausible unless you have access to the internals of the machine.

posted by : spork, 29 July 2010
Just Like The Federal Reserve?

He was halted because he violated patent rights around the abstract entitled, "Acquiring Cash Out Of Thin Air."

Though surely it differed in context, in so much that he had no military industrial complex, energy corporation and globalisation in his portfolio?

posted by : intussusception, 29 July 2010
Can I have a step by step tutorial please?

For, uhh, purely research purposes.

Thanks.

posted by : Nobody, 29 July 2010