| Welcome to The New Coffee Room. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| This Hacker Has The Keys To The ATM Kingdom | |
|---|---|
| Tweet Topic Started: Aug 4 2010, 06:57 AM (311 Views) | |
| Qaanaaq-Liaaq | Aug 4 2010, 06:57 AM Post #1 |
![]()
Senior Carp
|
http://www.abc.net.au/news/stories/2010/08/01/2970075.htm?section=justin Hacker shows off remote ATM exploit Posted Sun Aug 1, 2010 10:06am AEST A computer hacker has demonstrated a technique to remotely make an ATM spit out cash using the internet. New Zealand researcher Barnaby Jack publicly showed off the "ATM jackpotting" technique at the DefCon hackers conference in Las Vagas, in the United States. Mr Jack proved his findings using two kinds of ATMs typically found in corner stores, bars or other "stand-alone" venues in the US, but said the flaw likely exists in machines at well-known banks. "You don't have to go to the ATM at all," Mr Jack said. "You can do it from the comfort of your own bedroom." Mr Jack says banks use remote management software to monitor and control their ATMs. He says he used a weakness in that software to take control of machines over the internet. He says his method bypasses the need to submit passwords and serial numbers to access ATMs remotely. Once in the machines, he says he can command them to spit out cash or transfer funds. He says he could also capture account data from magnetic strips on credit or bank cards as well as passwords punched in by ATM users. "When you think about ATM security you generally think about the hardware side; is it bolted down and are the cameras in position," Mr Jack said. "This is the first time anyone has taken the approach of trying to attack the underlying software. "It is time to find software defences rather than hardware defences." Mr Jack did not reveal specifics of the attack to hackers at the conference, but did tell ATM makers about the flaw so they could bolster machine defences. "I might get my butt in hot water if I released the code," he said. "I was careful not to release the keys to the kingdom." Mr Jack says he has grown wary of ATMs since discovering the remote exploit. "I just keep my cash under the bed now," he said. Edited by Qaanaaq-Liaaq, Aug 4 2010, 06:58 AM.
|
![]() |
|
| Qaanaaq-Liaaq | Aug 4 2010, 06:58 AM Post #2 |
![]()
Senior Carp
|
I once discovered an ATM programming problem. The problem had to do with a pin no. if it started with leading zeroes. My pin no. started with a leading zero. Instead of entering all four numbers, I noticed that I could skip the leading zero and just enter the three non-zero digits, and the ATM machine would accept it. I told the bank about it and shortly afterward they fixed the problem. Now, all four digits must be entered. |
![]() |
|
| Axtremus | Aug 4 2010, 07:16 AM Post #3 |
|
HOLY CARP!!!
|
One digit down, only a thousand combinations left.
|
![]() |
|
| The 89th Key | Aug 4 2010, 10:12 AM Post #4 |
|
QL - very interesting article. Thanks for sharing |
![]() |
|
| « Previous Topic · The New Coffee Room · Next Topic » |







4:23 PM Jul 10