A security researcher at the Black Hat conference has demonstrated a hack technique that caused bank ATMs to vend all their cash.
Giving a presentation at the Black Hat 2010 conference in Las Vegas, security researcher Barnaby Jack demonstrated how it is possible to hack ATM machines into not only providing all their cash but storing card details of would-be customers.
The hack involved gaining access to the internals with a universal key bought off the Internet and then using a USB key loaded with a set of rootkit software. Jack said that he had been due to give the presentation the previous year but due to "circumstances beyond my control" had been forced to cancel the talk.
Jack said the benefit was that he had another year to research ATM attacks. The Black Hat talk demonstrated attacks on two different models of ATM machines both local and remote. The remote attacks were based on the idea that stand alone ATMs are on telephone lines.
"I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I've got that kid beat," wrote Jack in the briefing description," wrote Jack.
The goal of the talk, as with others of a similar nature at the Black Hat conference, is to draw attention to security issues and discuss defence strategies. For his part Jack advocated unique ATM hardware keys and protected software environments that would not be vulnerable to the type of attack Jack had demonstrated.
Advertisement
Related Stories
- iOS update fixes bugs and security flaws May 8th 2012 at 5:45AM
- Microsoft fingers Chinese firm in RDP flaw leak May 4th 2012 at 3:00AM
- Microsoft fixes '0-day' Hotmail flaw Apr 30th 2012 at 12:19AM
- Global Payments breach of 1.5m credit cards Apr 3rd 2012 at 8:29AM
- Hacktivists lifted more data than criminal gangs Mar 22nd 2012 at 11:14PM
- Microsoft accused of leaking attack code Mar 18th 2012 at 9:30PM
- Lulzsec leader Sabu turned by the FBI Mar 7th 2012 at 1:15AM
- Over half of UK companies infected by malware Feb 13th 2012 at 11:57AM
- Google describes 'Bouncer' Android anti-malware system Feb 3rd 2012 at 6:41AM
- Apple OS X updates released Feb 2nd 2012 at 5:44AM
