Skip to main content

ATM security flaws could be a jackpot for hackers

ATM security flaws could be a jackpot for hackers
A security expert has identified flaws in the design of some automated teller machines that make them vulnerable to hackers, who could make the ubiquitous cash dispensers spit out their cash holdings.

Barnaby Jack, head of research at Seattle-based, security firm IOActive Labs, will demonstrate methods for "jackpotting" ATMs at the Black Hat security conference in Las Vegas that starts on July 28.

"ATMs are not as secure as we would like them to be," Jeff Moss, founder of the Black Hat conference and a member of President Obama's Homeland Security Advisory Council said. "Barnaby has a number of different attacks that make all the money come out."

Jack declined to discuss his techniques before the conference. The world's biggest ATM manufacturers include Diebold Inc and NCR Corp. Officials with those companies could not be reached for comment.

Banks may cringe when he speaks, fearing would-be crooks will adopt his methods. But Moss said that going public will raise awareness of the problem among ATM operators and prompt them to tighten security.

One potential route of attack is via communications ports that are sometimes accessible from outside an ATM, Moss said.

"You want everybody to know there are possible ways to jackpot these machines, so they will go and get their machines updated," he said.

Joe Grand, a hardware security expert, said he was not surprised to learn of Jack's research.

"People are starting to realize that hardware products do have security vulnerabilities. Parking meters, ATMs, everything that has electronics in it can be broken," Grand said. "A lot of times a hardware product is just a computer in a different shell."

Comments

Popular posts from this blog

Top 5 Women Who Impacted Technology in 2010

Katie Stanton, International Strategist for Twitter Katie Stanton has impressively long names of companies in her resume. They include the White House, Google Inc, and her latest addition is Twitter. Her remit is working on Twitter’s international strategy and her experience in social media will be a key asset to the company. Katie has a history of working in technology, and her knowledge of departmental laws will help Twitter work alongside government agencies, as she’ll be spearheading the free information approach, especially after the Wikileaks incident. Stanton has been a key player in the techsphere for some time, and this extends to her private life. Following the Haiti disaster she worked with a group of engineers to create a free texting service to help those in need and she is constantly in demand as an expert in both social media and government policy.
Caterina Fake, Co-Founder of Flickr and Hunch Despite having a surname which sounds like a pseudonym for a spy (it’…

Evolution Of Computer Virus [infographic]

AT&T MiFi 2372 review

In the week or so that I have been testing the AT&T MiFi 2372 by Novatel Wireless, it has already saved no less than three lives. First, it saved my cable guy’s life. You see, Time Warner Cable provides the worst home Internet service I have ever experienced. I can’t even think of a close second. If providing terrible home Internet service was a sport, Time Warner Cable would be on its tenth consecutive undefeated season. Forget the fact that my upload speed is capped at 60Kbps and I’m lucky if I can get half that — it has been months since I’ve gone through a full day without at least one service interruption. Months. Unfortunately, Time Warner Cable has an exclusive contract with my building so I have no choice but to endure its abysmal service. Last week, as a Time Warner Cable technician entered my home for the sixth time in two months, I realized that this certainly would have spelled serious trouble had it not been for my trusty new back up device. Before the Mi…