Bank ATMs Too Can Be Hacked


Las Vegas, Aug 1 (IANS): Even bank ATMs are not hack-proof. A security expert in US has demonstrated how a hacker using specific software can make the automated teller machines spew out its cash without knowing the password.

Barnaby Jack, director of security testing at Seattle-based IOActive, hauled two ATMs onto a stage and demonstrated to a rapt audience the fond daydream of teenage hackers everywhere: pressing a button and having an ATM spew out its cash until a pile of notes lay on the ground.

Jack, a New Zealand national, explained how the system allows a hacker to connect to the ATM through a telephone modem and, without knowing a password, instantly force it to disgorge its entire supply of cash, CBS News reported.

"I hope to change the way people look at devices that from the outside are seemingly impenetrable," said Jack, who lives in San Jose.

Jack said he bought the pair of standalone ATMs - one manufactured by Tranax Technologies and the other by Triton - over the Internet and then spent years poring over the code.

The vulnerabilities and programming errors he unearthed during that process, Jack said, let him gain complete access to those machines and learn techniques that can be used to open the built-in safes of many others made by the same companies.

"Every ATM I've looked at, I've found a game-over vulnerability that allows an attacker to get cash from the machine," Jack said.

"I've looked at four ATMs. I'm four for four." He said he has not evaluated built-in ATMs like those used by banks and credit unions.

He, however, said both Tranax and Triton had patched the security vulnerabilities since he brought them to the companies' attention a year ago. If a customer with an ATM such as a convenience store or a restaurant doesn't apply the fix, though, the machines remain vulnerable.

 

  

Top Stories


Leave a Comment

Title: Bank ATMs Too Can Be Hacked



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.