Researcher Discovers ATM Hack, Gets Silenced

Al writes "A researcher working for networking company Juniper has been forced to cancel a Black Hat presentation that would have revealed a way to hack into ATMs. The presentation focused on exploiting vulnerabilities in devices running the Windows CE operating system, including some ATMs. The decision to cancel was made to give the vendor concerned time to patch the problem, although the company was notified 8 months ago. The article mentions a growing trend in ATM hacking: In November 2008 thieves stole nearly $9 million from more than 130 cash machines in 49 cities worldwide. And earlier this year, the second biggest maker of ATMs, Diebold, warned customers in an advisory that certain cash machines in Eastern Europe had been loaded with malicious software capable of stealing financial information and the secret PINs from customers performing ATM transactions."

Re:Ridiculous

No, they don't... but it depends on the hack.

If it gives out free money, only harming the company which didn't seem to care, then no, don't give them any more time.

If the hack gives them access to innocent people's account details, and they'd be out money, and/or time fighting the bogus withdrawals, then yes, give them time to fix it.

Never fear, BH presentation likely

[2gravey]

For those of you who aren't aware, the Black Hat tradition for vulnerability presentations which have been similarly blocked due to court orders, etc. is to offer BH a replacement safe/bland presentation and then deliver the banned exploit demonstration regardless. This action typically results in a large lawsuit against the researcher's employer, subsequent termination of the researcher, and a short-lived rock star notoriety for the researcher making the afore mentioned termination totally worth it.