Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another ATM Maker Pwned by Googling

Posted by ryuzaki0 on from the press-here-to-accept-fee-and-continue dept.

bagsc writes "Kevin Poulsen of Wired.com strikes fear into another ATM manufacturer. This time, Triton ATMs had their super-secret master codes revealed by simple Google searches. Tranax was the most recent company with this problem, but probably not the last."

5 of 252 comments (clear)

  1. Re:Should have waited by dlim · · Score: 2, Interesting

    The "patch" is a update that forces the banks to change the ATM's default password. The default password has probably been online for as long as the ATM manufacturer has had a website. And with all of the attention the previous ATM password fiasco received, I would hope that my bank has already investigated (and reduced) their vulnerabilities to this type of fraud.

    The problem is not that anyone can read these service manuals for the next couple of months. The problem is that some owners of these ATMs did not read the service manuals to begin with.

    And if the solution is "spreading the word", then kudos to Kevin Poulsen for assisting the banks.

  2. Re:"Pwned", indeed by patrixmyth · · Score: 2, Interesting

    If anyone was humiliatingly defeated, then it was the ATM installation company, not the ATM manufacturer/owner/store clerk. And that defeat was not by Google, but likely by a trained installer with a grudge/questionable morals. If it were me, given the exorbitant rewards offered on many of these ATMs for information leading to arrest of offenders, I'd put more effort into catching exploiters than risking a theft charge. In my opinion, we should put $100 dollar bills behind thin glass on every corner with an alarm and a camera. In the meantime, this might be the next best thing to catch stupid criminals.

    --
    "Don't you know you're going to shock the monkey?"- Peter Gabriel
  3. Someone posted the manual here by Stonent1 · · Score: 2, Interesting

    In the last story about this, someone posted a link to the Triton manuals. I read the manual and it did have a password in it but it said to make sure you change the password before the ATM is put into production.

  4. Re:So what? by Fnord666 · · Score: 2, Interesting

    The real fun is to change the primary phone number that it dials to get authorization to a phone sex line. The call will fail to connect to a modem and fallback to the secondary number Transactions take longer, but they are racking up $4.99 per call on the ATM owner's line. Payback for the surcharge fee.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  5. Re:Only In America by Anonymous Coward · · Score: 1, Interesting

    The McDonald's coffee case is endlessly brought up as the classic frivolous corporate lawsuit but this is unfair. The coffee was extremely hot, McDonald's had previously been advised it was too hot but kept it at the same scalding temperature anyway, it was served at a drive-thru in a flimsy cup that collapsed when you took the lid off, and she suffered serious 3rd degree burns requiring skin grafts to her legs.

    Yes she probably should have been more careful, but the court found that McDonald's had been willfully negligent of basic safety issues (in the name of profit) and as such held them partly responsible.