Slashdot Mirror


ATM Hack Gives Cash On Demand

angry tapir writes "Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATMs at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge."

8 of 193 comments

  1. I see what you did there... by fuzzyfuzzyfungus · · Score: 4, Funny

    This is clearly just a slashvertisement for Microsoft's expansion of their "Cashback" promotion from Bing to WinCE "The Product that Needs it More Than Bing"...

    Editorial standards these days... I ask you...

  2. Pretension by aliddell · · Score: 5, Funny

    Exploiting bugs in two different ATM machines

    'ATM machines'? Really?

    --
    What do you think, sirs?
    1. Re:Pretension by Spad · · Score: 4, Funny

      And he didn't even need a PIN Number

    2. Re:Pretension by RulerOf · · Score: 5, Funny

      Rumor has it that if the hacker can find the MAC controller address for the NIC card in the ATM machine, he can use specially crafted TCP/IP protocol and also expose your SSN number.

      --
      Boot Windows, Linux, and ESX over the network for free.
    3. Re:Pretension by need4mospd · · Score: 4, Funny

      But only ATM machines with specific UPC codes and LCD displays will do this. And you should make sure your PC computer has enough RAM memory and is set up to run on AC current using only RF frequencies to communicate. Always back up these transactions to a DAT tape or CD disks. If you do this right, you should be able to avoid any VAT taxes so you can afford more KFC chicken.

  3. Re:Redundancy by prionic6 · · Score: 4, Funny

    But who makes the ATMMs?

    It's machines all the way down!

  4. 'M' is for Machine by ricosalomar · · Score: 3, Funny

    The summary refers to 'ATM machines.'

    I haven't read TFA article, but I wonder if you need a PIN number, or if the exploit uses a VM machine?

    Has someone notified the federal FBI bureau?

  5. Re:Interesting Hacks... by Zerth · · Score: 3, Funny

    AV on machines that shouldn't need them? yay...

    Relevant xkcd