New ATM Hack Turns Cash Machines Into Jackpots
The first attack involved accessing a Tranax model over a network (although it could also theoretically be done on the Internet via dial-up) and bypassing the ATM's authentication systems. Once inside, Jack installed malware that can either collect account numbers and PINs, or simply force the machine to spit out cash with a specially coded card. For his follow-up act, Jack opened the front of a Triton machine, inserted a USB drive loaded with similar malware, and watched as it automatically infected the ATM. The attack on the Triton is particularly unnerving, since it demonstrates that many ATMs use the same key to unlock the access panel (much like filing cabinets). That key can easily be purchased on the Internet for around $10.
Tranax is advising its customers to turn off the remote monitoring features, while Triton has patched the vulnerability allowing the code to be executed from the USB key. Those wishing for a little extra security can upgrade the lock on their Triton model ATM. Jack's attacks focused on the kiosk-style ATMs found in convenience stores and restaurants, but he didn't rule out the possibility that these vulnerabilities might affect bank ATMs as well. In April, a man was caught installing malware on Bank of America machines with the intent to steal cash. That was an inside job, but it's still unclear whether or not your average criminal hacker could do the same. [From: Wired and VentureBeat]