ATMs At Risk, Researcher Warns At Black Hat
Source: Dark Reading - Posted by Anthony Pell   
Latest News A security researcher today gave notice to companies that make automated teller machines (ATMs). Here on the first day of the Black Hat conference, Barnaby Jack, director of research at IOActive, demonstrated attacks that would allow a criminal to compromise ATMs, allowing hypothetical thieves to steal cash, copy customers' ATM card data, or learn the master passwords of the machines. While one of the attacks required a few seconds to open the ATM and insert a USB drive with code to overwrite the system, the other attack used a remote management feature commonly found on standalone ATMs.

Jack's presentation targeted machines made by Tranax and Triton, but other ATMs likely have similar security issues, he said.

"I found specific vulnerabilities in the ATM machines," Jack said during a press conference following the presentation. "But the attack surface is [similar] across the ATM industry as a whole ... In every ATM system I've looked at, I've been able to find flaws."

Jack said he used fairly simple analyses of the operating system and software commonly found on ATMs to create the exploits he demonstrated on stage. "We are back to 1999 in terms of code quality," he said.

Read this full article at Dark Reading

Only registered users can write comments.
Please login or register.

Powered by AkoComment!