No. of Recommendations: 2
Both my wife and I are dinosaurs ... we both have never used an ATM from the time these machines made their first appearance. I’ve always thought that ATMs present high security risks and are vulnerable to attack by savvy techies, e.g., I would always have to be wary about people around me while using the machine, and the ATM could be accessed and rigged to copy my security inputs and steal $$$$ from my account. Several of my friends were assaulted and robbed while using ATMs located in supposedly safe downtown business districts. No thanks. Now I read this.

At the Black Hat security conference in Las Vegas, Barnaby Jack, who is director of research at IOActive Labs, made cash pour from a machine for minutes on end. After studying four different companies' models, he said, "every ATM I've looked at, I've found a 'game over' vulnerability that allowed me to get cash from the machine." He's even identified an Internet-based attack that requires no physical access.
(snip)
The hardware kit that he used in the demonstration cost less than $100 to make.
(snip)
... he demonstrated a way for a thief to gain physical access to the ATM made by Triton. The device's main circuit, or motherboard, is protected only by a door with a lock that is relatively easy to open (Jack was able to buy a key online). He then used a USB port on the motherboard to upload his own software, which changed the device's display, played a tune, and made the machine spit out money.

This is absolutely pathetic and inexcusable.

... by using a computer to call one phone number after another; he was able to locate numerous machines within a couple of hours by searching through a 10,000-number exchange. An attacker could then exploit the software vulnerability to install control software known as a rootkit. To withdraw money, the attacker would visit the ATM later with a fake card or steal information from other users=/tt=.

http://www.technologyreview.com/computing/25888/


Ray
Print the post  

Announcements

UGC Disclosure Notice Regarding Credit Card Posts
Community board discussions about credit cards are not provided or commissioned by banks who may have advertising relationships with The Motley Fool. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.
TMF Credit Center
The Motley Fool Credit Center arms you with real tools and simple messages, that will help you in every credit situation.
What was Your Dumbest Investment?
Share it with us -- and learn from others' stories of flubs.
When Life Gives You Lemons
We all have had hardships and made poor decisions. The important thing is how we respond and grow. Read the story of a Fool who started from nothing, and looks to gain everything.
Contact Us
Contact Customer Service and other Fool departments here.
Work for Fools?
Winner of the Washingtonian great places to work, and Glassdoor #1 Company to Work For 2015! Have access to all of TMF's online and email products for FREE, and be paid for your contributions to TMF! Click the link and start your Fool career.