Slashdot Mirror

← Back to Stories (view on slashdot.org)

ATM Hack Gives Cash On Demand

Posted by samzenpus on from the one-card-bandit dept.

angry tapir writes "Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATMs at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge."

16 of 193 comments (clear)

  1. I see what you did there... by fuzzyfuzzyfungus · · Score: 4, Funny

    This is clearly just a slashvertisement for Microsoft's expansion of their "Cashback" promotion from Bing to WinCE "The Product that Needs it More Than Bing"...

    Editorial standards these days... I ask you...

  2. Pretension by aliddell · · Score: 5, Funny

    Exploiting bugs in two different ATM machines

    'ATM machines'? Really?

    --
    What do you think, sirs?
    1. Re:Pretension by Spad · · Score: 4, Funny

      And he didn't even need a PIN Number

    2. Re:Pretension by Darth_brooks · · Score: 2, Funny

      Yeah, ATM Machines. Those things that you put your PIN Number into.

      --
      There are some people that if they don't know, you can't tell 'em.
    3. Re:Pretension by davidbrit2 · · Score: 2, Funny

      I think that would be the machine operating the machine that's operating the ATM. It brings the level of automation to where you only have to subconsciously think of money, or anything that rhymes with money in order to make a withdrawal.

    4. Re:Pretension by RulerOf · · Score: 5, Funny

      Rumor has it that if the hacker can find the MAC controller address for the NIC card in the ATM machine, he can use specially crafted TCP/IP protocol and also expose your SSN number.

      --
      Boot Windows, Linux, and ESX over the network for free.
    5. Re:Pretension by need4mospd · · Score: 4, Funny

      But only ATM machines with specific UPC codes and LCD displays will do this. And you should make sure your PC computer has enough RAM memory and is setup to run on AC current using only RF frequencies to communicate. Always back up these transactions to a DAT tape or CD disks. If you do this right, you should be able to avoid any VAT taxes so you can afford more KFC chicken.

  3. Re:MSFT Fanboys HURRY! by Anonymous Coward · · Score: 1, Funny

    Only need one: he didn't hack the OS, only the applications running on top of the OS.

  4. Re:Redundancy by betterunixthanunix · · Score: 2, Funny

    Something has to build the ATMs! Clearly, this hacker has discovered that the robots that build ATMs also create money.

    --
    Palm trees and 8
  5. Re:Redundancy by prionic6 · · Score: 4, Funny

    But who makes the ATMMs?

    It's machines all the way down!

  6. Re:Interesting Hacks... by RMS+Eats+Toejam · · Score: 0, Funny

    ... all the ATMs were running OS/2.

    There was never a time when all ATMs ran OS/2. Besides, OS/2 had its own problems.

    --
    Turning to a Linux advocate for thoughts on Microsoft is like asking Hitler how he felt about the Jews.
  7. Re:scrooge? by fuzzyfuzzyfungus · · Score: 2, Funny

    A good rootkit tries to blend in with its environment...

  8. Re:Redundancy by TheRaven64 · · Score: 2, Funny

    Since the post above you says exactly the same thing, I couldn't decide whether you should be moderated redundant or funny.

    --
    I am TheRaven on Soylent News
  9. 'M' is for Machine by ricosalomar · · Score: 3, Funny

    The summary refers to 'ATM machines.'

    I haven't read TFA article, but I wonder if you need a PIN number, or if the exploit uses a VM machine?

    Has someone notified the federal FBI bureau?

  10. Re:Interesting Hacks... by Zerth · · Score: 3, Funny

    AV on machines that shouldn't need them? yay...

    Relevant xkcd

  11. Re:Really? by Anonymous Coward · · Score: 1, Funny

    Tell me: at these 'restaurants', do the 'waitresses' take off their clothes while dancing on a stage?