ATM Hack Gives Cash On Demand

angry tapir writes "Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATMs at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge."

Re:Interesting Hacks...

[dissy]

To start with, you have the master keys that allow the machine to communicate with the processor. After they are input, they're encrypted and stored in epoxy buried chips in the keypad, and any interruption of electrical power to those chips (which runs through fry wires from a battery also stored within the epoxy matrix) kills the keys.

I find it amazing that at least for a certain hardware vendor, when it comes to the machines holding the money, they resort to such extreme levels of security (Which is great btw!), yet when the machine is 'only' designed to hold the nations vote count for its next leader, for some reason now MSAccess files and user accessible CF cards with OS and data are concidered best practices!