[ISN] Security researcher demonstrates ATM hacking

From: InfoSec News <alerts_at_private>
Date: Thu, 29 Jul 2010 04:02:51 -0500 (CDT)

By Declan McCullagh
CNet News
July 28, 2010

LAS VEGAS -- Hacking into an ATM isn't impossible, a security researcher 
showed Wednesday. With the right software, it's actually pretty easy.

Barnaby Jack, director of security testing at Seattle-based IOActive, 
hauled two ATMs onto the Black Hat conference stage and demonstrated to 
a rapt audience the fond daydream of teenage hackers everywhere: 
pressing a button and having an automated teller machine spew out its 
cash until a pile of paper lay on the ground.

"I hope to change the way people look at devices that from the outside 
are seemingly impenetrable," said Jack, a New Zealand native who lives 
in the San Jose area. One vulnerability he demonstrated even allows a 
hacker to connect to the ATM through a telephone modem and, without 
knowing a password, instantly force it to disgorge its entire supply of 

Jack said he bought the pair of standalone ATMs--one manufactured by 
Tranax Technologies and the other by Triton--over the Internet and then 
spent years poring over the code. The vulnerabilities and programming 
errors he unearthed during that process, Jack said, let him gain 
complete access to those machines and learn techniques that can be used 
to open the built-in safes of many others made by the same companies.


Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Thu Jul 29 2010 - 02:02:51 PDT

This archive was generated by hypermail 2.2.0 : Thu Jul 29 2010 - 02:11:41 PDT