http://news.cnet.com/8301-1009_3-20012019-83.html By Declan McCullagh CNet News Security July 28, 2010 LAS VEGAS -- Hacking into an ATM isn't impossible, a security researcher showed Wednesday. With the right software, it's actually pretty easy. Barnaby Jack, director of security testing at Seattle-based IOActive, hauled two ATMs onto the Black Hat conference stage and demonstrated to a rapt audience the fond daydream of teenage hackers everywhere: pressing a button and having an automated teller machine spew out its cash until a pile of paper lay on the ground. "I hope to change the way people look at devices that from the outside are seemingly impenetrable," said Jack, a New Zealand native who lives in the San Jose area. One vulnerability he demonstrated even allows a hacker to connect to the ATM through a telephone modem and, without knowing a password, instantly force it to disgorge its entire supply of cash. Jack said he bought the pair of standalone ATMs--one manufactured by Tranax Technologies and the other by Triton--over the Internet and then spent years poring over the code. The vulnerabilities and programming errors he unearthed during that process, Jack said, let him gain complete access to those machines and learn techniques that can be used to open the built-in safes of many others made by the same companies. [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.comReceived on Thu Jul 29 2010 - 02:02:51 PDT
This archive was generated by hypermail 2.2.0 : Thu Jul 29 2010 - 02:11:41 PDT