ATM Hack Gives Cash On Demand

ATM Hack Gives Cash On Demand 193

Posted by samzenpus on Thursday July 29, 2010 @07:57AM from the one-card-bandit dept.

angry tapir writes "Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATMs at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge."

ATM Hack Gives Cash On Demand

This discussion has been archived. No new comments can be posted.

Search 193 Comments Log In/Create an Account

Comments Filter:

I see what you did there... (Score:4, Funny)

by fuzzyfuzzyfungus ( 1223518 ) writes: on Thursday July 29, 2010 @08:00AM (#33067172) Journal

This is clearly just a slashvertisement for Microsoft's expansion of their "Cashback" promotion from Bing to WinCE "The Product that Needs it More Than Bing"...

Editorial standards these days... I ask you...

Pretension (Score:5, Funny)

by aliddell ( 1716018 ) writes: on Thursday July 29, 2010 @08:09AM (#33067250)

Exploiting bugs in two different ATM machines
'ATM machines'? Really?

Re:MSFT Fanboys HURRY! (Score:1, Funny)

by Anonymous Coward writes: on Thursday July 29, 2010 @08:12AM (#33067284)

Only need one: he didn't hack the OS, only the applications running on top of the OS.

Re:Redundancy (Score:3, Funny)

by betterunixthanunix ( 980855 ) writes: on Thursday July 29, 2010 @08:13AM (#33067302)

Something has to build the ATMs! Clearly, this hacker has discovered that the robots that build ATMs also create money.

Re:Pretension (Score:5, Funny)

by Spad ( 470073 ) writes: <`slashdot' `at' `spad.co.uk'> on Thursday July 29, 2010 @08:19AM (#33067352) Homepage

And he didn't even need a PIN Number

Re:Redundancy (Score:5, Funny)

by prionic6 ( 858109 ) writes: on Thursday July 29, 2010 @08:20AM (#33067368)

But who makes the ATMMs?

It's machines all the way down!

Re:Pretension (Score:3, Funny)

by Darth_brooks ( 180756 ) * writes: <[clipper377] [at] [gmail.com]> on Thursday July 29, 2010 @08:22AM (#33067390) Homepage

Yeah, ATM Machines. Those things that you put your PIN Number into.

Re:Interesting Hacks... (Score:0, Funny)

by RMS Eats Toejam ( 1693864 ) writes: on Thursday July 29, 2010 @08:28AM (#33067452)

... all the ATMs were running OS/2.
There was never a time when all ATMs ran OS/2. Besides, OS/2 had its own problems [wikipedia.org].

Re:scrooge? (Score:3, Funny)

by fuzzyfuzzyfungus ( 1223518 ) writes: on Thursday July 29, 2010 @08:39AM (#33067530) Journal

A good rootkit tries to blend in with its environment...

Re:Pretension (Score:3, Funny)

by davidbrit2 ( 775091 ) writes: on Thursday July 29, 2010 @09:31AM (#33068056) Homepage

I think that would be the machine operating the machine that's operating the ATM. It brings the level of automation to where you only have to subconsciously think of money, or anything that rhymes with money in order to make a withdrawal.

Re:Redundancy (Score:3, Funny)

by TheRaven64 ( 641858 ) writes: on Thursday July 29, 2010 @09:42AM (#33068198) Journal

Since the post above you says exactly the same thing, I couldn't decide whether you should be moderated redundant or funny.

'M' is for Machine (Score:3, Funny)

by ricosalomar ( 630386 ) writes: on Thursday July 29, 2010 @09:52AM (#33068338)

The summary refers to 'ATM machines.'
I haven't read TFA article, but I wonder if you need a PIN number, or if the exploit uses a VM machine?
Has someone notified the federal FBI bureau?

Re:Pretension (Score:5, Funny)

by RulerOf ( 975607 ) writes: on Thursday July 29, 2010 @10:10AM (#33068550)

Rumor has it that if the hacker can find the MAC controller address for the NIC card in the ATM machine, he can use specially crafted TCP/IP protocol and also expose your SSN number.

Re:Interesting Hacks... (Score:4, Funny)

by Zerth ( 26112 ) writes: on Thursday July 29, 2010 @10:30AM (#33068828)

AV on machines that shouldn't need them? yay...
Relevant xkcd [xkcd.com]

Re:Pretension (Score:4, Funny)

by need4mospd ( 1146215 ) writes: on Thursday July 29, 2010 @11:07AM (#33069384)

But only ATM machines with specific UPC codes and LCD displays will do this. And you should make sure your PC computer has enough RAM memory and is setup to run on AC current using only RF frequencies to communicate. Always back up these transactions to a DAT tape or CD disks. If you do this right, you should be able to avoid any VAT taxes so you can afford more KFC chicken.

Re:Really? (Score:1, Funny)

by Anonymous Coward writes: on Thursday July 29, 2010 @12:55PM (#33071264)

Tell me: at these 'restaurants', do the 'waitresses' take off their clothes while dancing on a stage?

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

ATM Hack Gives Cash On Demand 193

ATM Hack Gives Cash On Demand More Login

ATM Hack Gives Cash On Demand

I see what you did there... (Score:4, Funny)

Pretension (Score:5, Funny)

Re:MSFT Fanboys HURRY! (Score:1, Funny)

Re:Redundancy (Score:3, Funny)

Re:Pretension (Score:5, Funny)

Re:Redundancy (Score:5, Funny)

Re:Pretension (Score:3, Funny)

Re:Interesting Hacks... (Score:0, Funny)

Re:scrooge? (Score:3, Funny)

Re:Pretension (Score:3, Funny)

Re:Redundancy (Score:3, Funny)

'M' is for Machine (Score:3, Funny)

Re:Pretension (Score:5, Funny)

Re:Interesting Hacks... (Score:4, Funny)

Re:Pretension (Score:4, Funny)

Re:Really? (Score:1, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot