Slashdot Mirror

← Back to Stories (view on slashdot.org)

Most ATMs Can Be Hacked in Under 20 Minutes (zdnet.com)

Posted by msmash on from the security-woes dept.

An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 20 minutes, and even less, in certain types of attacks. From a report: Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking, and detailed their findings in a 22-page report published this week. The attacks they tried are the typical types of exploits and tricks used by cyber-criminals seeking to obtain money from the ATM safe or to copy the details of users' bank cards (also known as skimming). Experts said that 85 percent of the ATMs they tested allowed an attacker access to the network. The research team did this by either unplugging and tapping into Ethernet cables, or by spoofing wireless connections or devices to which the ATM usually connected to. Researchers said that 27 percent of the tested ATMs were vulnerable to having their processing center communications spoofed, while 58 percent of tested ATMs had vulnerabilities in their network components or services that could be exploited to control the ATM remotely.

9 of 78 comments (clear)

  1. Re:Can they be hacked by Locke2005 · · Score: 2

    Pickup trucks appear to be the meth addicts tool of choice. (Google it)

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  2. Re:So what? by Nidi62 · · Score: 5, Insightful

    Anyone with sense limits the amount of money in their ATM / online banking accessible account to a small amount, like 15-20k, unless a large purchase is coming. This is a simple way to protect yourself.

    The majority of people in the US don't even have enough liquid money to afford a $1000 emergency and you think 15-20k is a small amount?

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  3. Under 20 minutes and even less? by Anonymous Coward · · Score: 3, Funny

    Is that the same as even less than under 20 minutes?

  4. Re:So what? by bob4u2c · · Score: 2

    Anyone with sense limits the amount of money in their ATM / online banking accessible account to a small amount, like 15-20k, unless a large purchase is coming. This is a simple way to protect yourself.

    [British Accent]Quite right you are my man. Unless Foofy needs a new rolls I try to limit my personal cashier boy to a similar small fund which they may withdraw from these mechanical money boxes. Least the less trustworthy boys have been known to drain a persons account to the point that one must take a public jet to the Alps instead our families private whirly birds.[/British Accent]

  5. the title, blah blah by BringsApples · · Score: 2

    What constitutes "hacking" these machines? Root access? Money shooting out? Transfer of funds from accountA to accountB?

    --
    Politics; n. : A religion whereby man is god.
    1. Re:the title, blah blah by deathguppie · · Score: 4, Informative

      apparently it means somehow pulling the machine out of the wall to access it's physical network connections. I was thinking this was a great idea for extra cash but.. seriously this isn't a realistic hack for the average Joe thief.

      --
      once more into the breach
  6. 20 minutes? by The+Grim+Reefer · · Score: 2

    These guys did it in 36 seconds. Granted, network hacks and elegant solutions need to be addressed. But what's the point if you cant keep a couple of guys with a pickup truck and a chain from driving off with it. It always reminds me of this xkcd.

  7. Uhh, what? by dnaumov · · Score: 2

    What are you talking about. Why would an ATM have wifi-anything and why would you have an ATM with an ethernet cable accessible in a timeframe that less than what it takes for cops to arrive?

  8. Re:So what? by F.Ultra · · Score: 2

    Don't you have the colouring anti theft measures in the ATMs in the US?