ATM Hacker Hits Jackpot in Black Hat

By Turjo, Gaea News Network
Thursday, July 29, 2010

LOS ANGELES — If you think money transfers through an ATM are safe, think again. With the right software and the right knowledge, compromising one is actually pretty easy. Barnaby Jack, the director of security testing at IOActive, hauled two ATMs in front of a huge audience at the Black Hat conference.

Jack brought a pair of standalone ATMs on stage, one manufactured by Tranax Technologies and the other by Triton. The vulnerabilities and programming errors he found while going through the code gave him complete access to those machines. In one of the attacks, Jack reprogrammed the ATM remotely over a network, without touching the machine; the second attack required him to open the front panel and plug in a USB stick loaded with malware.

After trying his hand at 4 different ATMs, he said at the conference:

Every ATM I’ve looked at, I’ve found a game-over vulnerability that allows an attacker to get cash from the machine. Every ATM I’ve looked at allows that ‘game over.’ I’m four for four.

According to him, both Tranax and Triton have patched the security vulnerabilities since he brought them to the companies’ attention a year ago. If a customer with an ATM, such as a convenience store or a restaurant, doesn’t apply the fix, the machine remains vulnerable.

While the whole world faces continuous threats from hackers, Jack said his aim in demonstrating the hacking techniques is educational. He did it to draw people’s attention to the security of systems that are presumed to be locked down and impenetrable.

