Although money may not grow on trees, it can spew from an ATM–at least if you’re computer security expert Barnaby Jack. He demonstrated recently at a security conference in Las Vegas how to get an ATM to spit money for minutes on end. Jack purchased the ATMs online, and says the tools required to hack them cost less than $100, according to Technology Review:
“After studying four different companies’ models, he said, “every ATM I’ve looked at, I’ve found a ‘game over’ vulnerability that allowed me to get cash from the machine.” He’s even identified an Internet-based attack that requires no physical access.”
Of course, Jack didn’t reveal how exactly he hacked the machines… but he came pretty close. In one demonstration Black explained:
“The device’s main circuit, or motherboard, is protected only by a door with a lock that is relatively easy to open (Jack was able to buy a key online). He then used a USB port on the motherboard to upload his own software, which changed the device’s display, played a tune, and made the machine spit out money [for several minutes].”
Some ATMs remain very vulnerable to remote attacks as well, Jack explained, such as those designed to accept software upgrades over the Internet. For example, a hacker can circumvent an ATM authentication system by installing his or her own software, which the hacker could then exploit using someone else’s information or a fake card.
Jack said he hoped the demonstration would spur manufacturers to make ATMs more secure. Maybe we’re just cynical, but with every new lock or security measure, won’t new hackers arise to bypass them?
Check out Tech Review‘s video about Jack’s demonstration. The best bit—hacked ATM plays silly music and spits out money—starts at 1:15:
Discoblog: iCop: Police to Use Facial Recognition App to Nab Criminals
Discoblog: Crime-Fighting Kitties: Cat Hair Could Be the Next Forensic Tool
Discoblog: True Crime, Real-Time: Live Streaming Mugshots to Your iPhone
Image: flickr / thinkpanama