Switched has a new home! Huffpost Tech.

Click here to visit the new home of Switched!

Hot on HuffPost Tech:

See More Stories
AOL Tech

New ATM Hack Turns Cash Machines Into Jackpots

by Terrence O'Brien on July 29, 2010 at 04:25 PM

Jackpotting ATMThe ubiquitous ATM has quickly become a favorite, and often easy, target for hackers looking to make a quick buck. At the Black Hat Conference in Las Vegas, security researcher Barnaby Jack recently demonstrated a pair of hacks that allowed him to force an ATM to literally spit cash at him like he'd hit the jackpot on a slot machine. In the demonstration, Jack attacked ATMs from Triton and Tranax, but he said that he had successfully tried the methods on two other brands of machines, as well.

The first attack involved accessing a Tranax model over a network (although it could also theoretically be done on the Internet via dial-up) and bypassing the ATM's authentication systems. Once inside, Jack installed malware that can either collect account numbers and PINs, or simply force the machine to spit out cash with a specially coded card. For his follow-up act, Jack opened the front of a Triton machine, inserted a USB drive loaded with similar malware, and watched as it automatically infected the ATM. The attack on the Triton is particularly unnerving, since it demonstrates that many ATMs use the same key to unlock the access panel (much like filing cabinets). That key can easily be purchased on the Internet for around $10.

Tranax is advising its customers to turn off the remote monitoring features, while Triton has patched the vulnerability allowing the code to be executed from the USB key. Those wishing for a little extra security can upgrade the lock on their Triton model ATM. Jack's attacks focused on the kiosk-style ATMs found in convenience stores and restaurants, but he didn't rule out the possibility that these vulnerabilities might affect bank ATMs as well. In April, a man was caught installing malware on Bank of America machines with the intent to steal cash. That was an inside job, but it's still unclear whether or not your average criminal hacker could do the same. [From: Wired and VentureBeat]

Tags: atm, AtmScams, banking, BarnabyJack, BlackHat, BlackHatConference, hackers, security, top, tranax, triton

Comments

1

HuffPost AOL Social News Most Popular