Slashdot Mirror
Can Your ATM Play Beethoven?
bpiltz writes "A funk band in Harrisonburg, VA, called Midnight Spaghetti, has posted a story with photos about a newly installed Diebold Opteva 520 ATM at Carnegie Mellon University that crashed, then rebooted. The Windows XP operating system initialized without the actual ATM software. The result was a public desktop computer, with only a touch screen interface, left wide open for the amusement of the students at the most wired university in the U.S. Interestingly, Diebold is one of the leading manufacturers of e-voting machines."
I had read it recently, and I found it on /. But it seems that this is not a dupe :-). This link was posted in the comments section very recently.
:-)
/. story is based, gains you karma too :-)
Here's the link.
It's good to look at comments, and submit stories. It gets you karma. Also, it's good to look around that comment, and then post comments in this story. That would gain karma too
Posting a comment about the comment on which the current
http://yogi.pdl.cmu.edu/~cgeisser/photos/
Video with audio of ATM in action
I work at a credit union, and we use OS/2 ATMs. They tried to foist a windows ATM on us, but couldnt get it to work because the tech was too dumb to tell the difference between a D911 (BiSync) and a D912 (LAN). Quite humorous, I played dumb till after he decided to install the OS2 version and then i pointed out to him it was a D912.
Funny side note though, on all our ATMs, the terminal driver (computer) has its own display on the backside of the unit along with a mouse and keyboard. Of course, we arent using the graphics capabilities because our terminal processor is hmm...slightly older than time.
So useful facts to be noted from experience:
1) Diebold techs do not know their rectums from a serial card. (Ive had to carefully hold their hands through IP setup and assigning the correct host:port combo to attach to the terminal processor)
2) Ive never seen an OS2 atm crash, nor have I ever seen it fail to boot the TCS (Terminal control software).
3) Windows driven ATMs have to the stupidist idea ive ever heard of, but cant really use linux...(see point one about said sub-sentient techs.)
4) I fear a world with diebold designed and serviced windows based voting devices. the havoc...the horror....
Their have however been attempts to introduce legislation pertaining to ATM safety in general, both on the federal and on the state level (the only example that I'm personally familiar with being NY (see here and here) .
"ATMs not connected to the Internet and without keyboard are pretty much unhackable unless you can pry open the case and attach a keyboard and/or wireless connection."
If you read the article you would find out that they managed to input text - but with charmap instead of a keyboard.. So having no keyboard is no insurance that noone will be able to input character data.
Here is the Diebold specificaion PDF for the 520. It says the thing has a P4 in it, and I would assume this is because they designed some sort of software framework for the Optiva to be expandable in the future to do things like sell concert tickets.
Imagine if that CDR drive was usable to load programs onto it. Furthermore, I'm really hoping these things don't have bluetooth in them.
520 Spec PDF
-Steve
It would be hard; the amount of data that can be stored in a card's magnetic strip is very small. Format of magnetic strip data
main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
Indeed. In the 1980s, Clydesdale Bank (in Scotland) actually used to feature the speed of their cash dispensers (a.k.a. ATMs) in their advertising, claiming that you could get money out of theirs faster than their competitors' machines. I don't recall any bank making claims like that for a long time.
Also, it's not just cash dispensers that are slow: railway ticket machines and car park payment machines are just two of the types of kit that I bemoan the speed of every time I use them. You can tell that they've been programmed in a very serial fashion, with no attempt to optimise the speed of the transaction for the user. Most machines could be programmed to pre-load blanks into printers, or pre-print static header information on receipts, or otherwise get started on time-consuming tasks, but they never seem to. You can practially follow the progress of the transaction through the machine's guts as it plods away at it.
And the receipt printers on point-of-sale equipment always seem to have the slowest possible mechanisms, making shop assistants who care feel that they have to apologise for keeping the customer waiting. (I bet if the banks could have used the old ZX80 scorched-black-on-silver-paper printer mechanism and saved a buck, they would have.)
Once more with the right tags...
Mignight Spaghetti
Actually, you would be surprised to know you aren't that far off. I worked IT for a Credit Union a couple of years ago, and the new "wave" was to automatically compare your credit score with what you already had, etc, so we could target things. Basically, you could log onto the home banking, and be presented with a screen that says that you have already been approved for a 10k car loan, simply click to accept it.
Now with most people using Check Cards or Credit Cards from the same instituition it wouldn't shock me in the least to think about them aggregating and categorizing your expenses to target deals to you.
Random Musings
Two articles about Viruses infecting ATMs.
u ri ty/story/0,10801,88028,00.html
t ml
http://www.computerworld.com/securitytopics/sec
http://www.theregister.co.uk/content/55/34175.h
(my card has been SWALLOWED by the machine on more than one occasion)
being swallowed isn't nearly as bad as the money just not coming out!
i was using a ATM at the FORUM mall in Helsinki, Finland. I told it i wanted 60 euros. upon entering my request, the screen displayed the error, "UNABLE TO COMPLETE TRANSACTION" and gave me my card back and a receipt with the same error message.
no big deal, right? a few days later, i see that 60 euros was removed from my account from that exact cash machine on the exact date i was there! i contact my bank in California and they tell me that i need to contact the bank that owns the machine.
i then walk into the responsible bank in Helsinki, and they swear up and down they never removed the 60 euros, regardless of showing them the receipt and everything. further, they then tell me that MY bank was in error and that i should speak with them.
after several hours of going bank and forth, i finally say to hell with it, it's not worth the time and frustration.
this is the only time it has ever happened to me, but i am interested in hearing other similar stories from folks around the world.
what countries have you had problems in?
Something similar happened to me with my bank (SunTrust), but the money was never taken out of my account.
I find that the best thing to do is only go to your bank's ATM -- and not the mini portable ATMs, but the ones embedded in the wall of the bank where you have to insert your card (not swipe, which could be intercepted by an intermediary swiper). Then when you get your cash, be sure to count it in front of the camera. I've had less money come out once but because I counted it in front of the camera, it was all right and I got my money.
01100111 01100101 01110100 00100000 01101111 01110101 01110100 00100000 01101101 01101111 01110010 01100101 00101110
Actually, in Pittsburgh, my old PNCBank branch (just across the busway from Shadyside, I can't remember the street address) had both a single-dollar dispenser, as well as a change cup. It was fed in the same way that I believe those automated change dispensers you sometimes see in banks and at ticket booths get fed - a single slide down which coins fall. I think the manufacturer was NCR, but I'm not sure.
It didn't ever seem to be filled up, but at least one ATM has been designed that could dispense change! I used to withdraw $19, just because I could put the 4 $1 and the $5 into the change machine for the washer and dryers.
The machine also could accept deposited checks WITHOUT AN ENVELOPE. It would scan the front of the check, show you an image and ask you if the scan was valid. If you deposited a check this way, it got into your account a full day faster than if it was in an envelope. I think it must have OCRed the text, as well as read the magnetic information from the bottom. Plus I imagine the workflow for the ATM operator was speedier. Of course, this all ran under OS/2 1.3, as I confirmed later.
Ahh, Pittsburgh, land of the oddball ATMs.
"But always she's the spectre of uncertainty I first endured, then faded, then embraced..."
Actually.. I am one of the students that was messing with this machine..
The reason why I'm sure we didn't empty the machine of all its cash (asside from that whole breaking the law thing), is that there was no way to access the money-dispensing mechanism from the controls we had access to (read: only from the touchscreen)
The numberpad was totally useless, as windows didn't recognize it, and the character map is pretty slow for trying to actually do anything useful..
But we had a ton of fun with it anyway.
CoyboyNeal is God
True, except that modern ATMs will have biometrics (finger scanners and whatnot), plus that printer thingy that gives your receipt, then there's the monitor, maybe some sort of check scanner for inputting money, a dispenser for giving cash, and viola, you have attached devices which need drivers.
I'll agree the modern ATM will have all these things... but just because you have devices doesn't mean you need drivers in a the modular sense. There was a time when we hardcoded applications to specific devices, like printers and scanners for example.
1. finger scanners
This is true, but it's not like the ATM it self actually stores the database of account numbers vs fingerscanner... I would imagine that this is stored in your bank records. Get scan, send data to bank... if scan = record permit transation
2. printer thingy that gives your receipt
I believe that your typical cash machine printer only prints in one font, on terminal paper. There are others who use impact, but this isn't a complex operation
3. there's the monitor
I'm rather old school in my attitde tward display, I still think a bank terminal display being a glorified typewriter
4. check scanner for inputting money
I believe you are talking about OCR... Magnetic ink bank account numbers are easy enough to read.. human print is slightly harder. I'll have to do some research and see what sorta system the post office does to peform OCR on hand printed postal codes. But again... this logic doesn't even have to happen at the cach machine. Scanner that gets triggered and send a bitmap to the bank in question, relays back to the bank the amount it read.
5. dispenser for giving cash
Again, not a complex operation. communicate to the dispencer which bill to spit out of the machine
---
All but biometrics and check scanners were operations the vintage cash machine peformed, without a standardized platform. Keep in mind that the actual verification process will still be peformed by the bank it self. I will continue to think of cash machines as glorified terminals. They gather data and communicate it to a remote location, remote location sends back information, and it displays, prints, and sometimes spews or accepts money.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.