Hacker extracts cash from ATMs
The attacks demonstrated Wednesday targeted standalone ATMs. But they could potentially have ~ing used against the ATMs operated by mainstream banks. (Tony Smyth/CBC)
A hacker has discovered a means by which anything is reached to force ATMs to disgorge their cash by hijacking the computers intimate them.
The attacks demonstrated Wednesday in Las Vegas targeted standalone ATMs. But they could potentially exist used against the ATMs operated by mainstream banks.
Criminals have long-winded known that ATMs aren't tamperproof.
There are many types of attacks in practice today, ranging from sophisticated to foolhardy: installing fake card readers to allure card numbers, hiding tiny surveillance cameras to capture PIN codes, case the dispensing slot to intercept money and even hauling the ATMs from home with trucks in hopes of cracking them open later.
Computer hacker Barnaby Jack wearied two years tinkering in his Silicon Valley apartment with ATMs he bought online. These were standalone machines, the kind seen in front of convenience stores, rather than the ones in bank branches.
His goal was to furnish ways to take control of ATMs by exploiting weaknesses in the computers that pour forth the machines.
He showed off his results at the Black Hat meeting for consultation in Las Vegas, an annual gathering devoted to exposing the latest computer-stake vulnerabilities.
His attacks have wide implications because they affect multiple types of ATMs and exploit weaknesses in software and security measures that are used throughout the sedulousness.
His talk was one of the conference's most widely anticipated, while it had been pulled a year ago over concerns that fixes notwithstanding the ATMs wouldn't be in place in time. He used the extra year to craft more dangerous attacks.
Jack, who works as instructor of security research for Seattle-based IOActive Inc., showed in a dramatic demonstration two ways he can get ATMs to spit out cash:
He found that the physical keys that came with his machines were the corresponding; of like kind for all ATMs of that type made by that manufacturer. He used his explanation to unlock a compartment in the ATM that had standard USB slots. He afterward inserted a program he had written into one of them, commanding the ATM to dump its vaults.
Jack besides hacked into ATMs by exploiting weaknesses in the way ATM makers give with the machines over the internet. He said the problem is that outsiders are permitted to bypass the need for a password.
Jack said the goal of his talk "isn't to educate everybody how to hack ATMs. It's to raise the result and have ATM manufacturers be proactive about implementing fixes."
© The Canadian Press, 2010