Slashdot Mirror


Googling for ATM Master Passwords

default DOLLAR writes to mention an eWeek article following up on the ATM reprogramming scam pulled in Virginia Beach last week. A security researcher in New York has used a YouTube video, a few Google searches, and other legal methods to discover the master passwords to thousands of ATMs across the country. From the article: "Dave Goldsmith, founder and president of penetration testing outfit Matasano Security, in New York, did not say how he obtained the operator manual--which contains master passwords and other sensitive security information about the cash-dispensing machines--but an eWEEK investigation shows that a simple Google query will return a 102-page PDF file that provides a road map to the hack."

8 of 356 comments

  1. Giddy-up! by Logiksan · · Score: 5, Funny

    *runs off to Google and YouTube as fast as his little fingers will take him*

    1. Re:Giddy-up! by russ1337 · · Score: 5, Informative

      Well you can always find more interesting things by doing a Google search for: [Confidential "not for public release"] Like this

      This technique was posted on Boing Boing and Bruce Schneier a couple of weeks ago. Still. Plenty of good stuff out there.

    2. Re:Giddy-up! by dan828 · · Score: 5, Funny

      Kids these days got it easy. In my day you had to spend hours digging through dumpsters, now you just click a couple of buttons. What is the world coming to?

  2. Re:Trivial search - and the password is.... by 1010110010 · · Score: 5, Funny

    1 2 3 4 5? That's the combination an idiot would have on his luggage!

  3. Nine Days.... by Mr.Scamp · · Score: 5, Funny

    The machine gave $20's for $5's for NINE days after it was reprogrammed before someone commented on it. God Bless America.

  4. Re:The default password is... by Talondel · · Score: 5, Informative

  5. Re:We're rich!! We're rich!!! by lomedhi · · Score: 5, Funny

    2 cents,

    Please enter a multiple of $5 or $20.

    --
    Did you say "insightful" or "inciteful"?

  6. Re:Casino by TopShelf · · Score: 5, Insightful

    That's a perfect illustration of how technological devices are only a small part of security. Having solid policies that are actually followed means every bit as much, if not more. From TFA:

    "This isn't a vulnerability," Goldsmith explained. "It's someone exploiting a policy weakness, where ATM owners install these things and never change the default password."

    All that's in the PDF is the default password, following a warning in BIG BOLD TYPE saying that you need to change the default password before deploying the machine. Would they put in a new combination lock on their vault and leave a combo of 1-2-3? I should hope not...

    --
    Stop by my site where I write about ERP systems & more