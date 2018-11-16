Slashdot is powered by your submissions, so send in your scoop

 


Most ATMs Can Be Hacked in Under 20 Minutes (zdnet.com) 66

Posted by msmash from the security-woes dept.
An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 20 minutes, and even less, in certain types of attacks. From a report: Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking, and detailed their findings in a 22-page report published this week. The attacks they tried are the typical types of exploits and tricks used by cyber-criminals seeking to obtain money from the ATM safe or to copy the details of users' bank cards (also known as skimming). Experts said that 85 percent of the ATMs they tested allowed an attacker access to the network. The research team did this by either unplugging and tapping into Ethernet cables, or by spoofing wireless connections or devices to which the ATM usually connected to. Researchers said that 27 percent of the tested ATMs were vulnerable to having their processing center communications spoofed, while 58 percent of tested ATMs had vulnerabilities in their network components or services that could be exploited to control the ATM remotely.

  • with a hacksaw?

  • Under 20 minutes and even less? (Score:2)

    by Anonymous Coward

    Is that the same as even less than under 20 minutes?

  • Banks (Score:2)

    by Zorro ( 15797 )

    Good thing they got rid of those banks with safes and armed guards.

    Might take some real risks to rob a bank.

  • Diebold made voting machines.

    Everyone else in that industry is just as bad. No threat models, at all. That's why I'm getting into the industry.

  • No they can’t. Not in a bank? (Score:1)

    by Anonymous Coward

    These attacks seem to require you to be alone with the machine, while having access to its backside where the cables come out.
    Yeah... veeery realistic. --.--

    Try again with a vandalism-hardened ATM in a brick wall with cameras and security personnel looking at them. Then and only then do you get to write sensationalist headlines like this.

    Why do you think the PIN only has 4 digits most of the time? Not because that's so hard to crack. It's only a token. The security is provided by what's around it.

    (And yeah,

  • the title, blah blah (Score:3)

    by BringsApples ( 3418089 ) on Friday November 16, 2018 @03:57PM (#57657710)
    What constitutes "hacking" these machines? Root access? Money shooting out? Transfer of funds from accountA to accountB?

    • Every one of the methods involved opening/unlocking the physical casing! Obviously, being able to remove the HDD or insert a USB drive is going to make the hack a lot easier.

    • apparently it means somehow pulling the machine out of the wall to access it's physical network connections. I was thinking this was a great idea for extra cash but.. seriously this isn't a realistic hack for the average Joe thief.
  • These guys did it in 36 seconds. [youtube.com] Granted, network hacks and elegant solutions need to be addressed. But what's the point if you cant keep a couple of guys with a pickup truck and a chain from driving off with it. It always reminds me of this xkcd. [xkcd.com]

  • I mean, are banks actually running across a regular problem where they go to refill an ATM machine and verify all the transactions, and discover somebody emptied out a few hundred or thousand bucks that they can't account for?

    Seeing the attitude they seem to take with credit card fraud (just cancel the card, refund the fraudulent transactions and move on) ... I guess nothing would surprise me. But I have to think the number of folks with the expertise to pull these hacks off who ALSO would risk jail time t

  • 20 minutes to hack an ATM seems pretty crazy, right? Don't worry, I have a solution.

    Let's start an ATM Thieves Guild. It's unacceptable that in today's busy world that it takes so long to commit crimes. We promise to make Moore's Law work for you, and get that time down to 10 minutes or less.

  • Uhh, what? (Score:3)

    by dnaumov ( 453672 ) on Friday November 16, 2018 @06:08PM (#57658468)

    What are you talking about. Why would an ATM have wifi-anything and why would you have an ATM with an ethernet cable accessible in a timeframe that less than what it takes for cops to arrive?

