
How to Make an ATM Spit Out Money

(Page 2 of 2)

  • Thursday, July 29, 2010
  • By Erica Naone

An attack was also performed on the Tranax device, which is designed to accept software upgrades over an Internet phone link. Jack showed that a vulnerability in the machine's software allowed him to bypass its authentication system and break in remotely.

Jack said it is possible to find ATMs by using a computer to call one phone number after another; he was able to locate numerous machines within a couple of hours by searching through a 10,000-number exchange. An attacker could then exploit the software vulnerability to install control software known as a rootkit. The attacker could later visit the ATM with a fake card to withdraw money, or steal information from other users.

Jack urged manufacturers to improve the physical locks protecting ATM motherboards and disable the ability to upgrade firmware remotely. He also suggested that the devices' code be reviewed thoroughly. "I want to change the way people look at devices that are seemingly impenetrable," he said.

Bob Douglas, vice president of engineering at Triton, said the company has developed a defense against Jack's attack. The fix was released in November of last year, but Douglas couldn't say what percentage of customers had implemented it. He added that the company plans to review its code and does sell ATMs with the option for a higher-security lock. Jack said he's also been in touch with Tranax about the vulnerabilities he found in its machines.


mattgroom

290 Comments

  • 565 Days Ago
  • 07/30/2010

That's not a real crime...

Still a chance to be recorded doing it and traced back, I presume?

If you want a better way to get money, just find your local drug dealers, shoot them all and take their money. I don't think the police will be bothered by that one.

Still that pales in comparison to (legal methods) the rental market where some owners have thousands of houses in areas and charge what they like....They should limit home-owners to one home...period. Other properties should be run as rentals by the government in a rent to buy scheme. Removing banks and their excessive 100% payback schemes will be a giant leap forward against crime.

This is the real crime against good people.


bdd

1 Comment

  • 565 Days Ago
  • 07/30/2010

Re: That's not a real crime...

One home per person, all the rest owned by the government?  100% payback scheme by banks?  Please tell me your socialist/communist views are in the minority on your campus or in your commune.  One place you will find more believers like yourself would be the White House.  You should apply to be an intern, they would love you there.


bytor45

1 Comment

  • 562 Days Ago
  • 08/02/2010

Re: That's not a real crime...

Shoot drug dealers? Whoa dude, where did that come from? How about we make the government the drug dealer, wouldn't that be better? Maybe ATMs can dispense drugs. One ATM per house per person with drugs, run by the government...


cobrasixtysix

14 Comments

  • 565 Days Ago
  • 07/30/2010

For every lock made, there will eventually be an unlocker; it's always just a matter of time. Staying ahead of the curve is an endless task.
I'm not sure where the housing market comes into ATM cracking though.


profquatermass

57 Comments

  • 561 Days Ago
  • 08/03/2010

Social attacking is the hard bit

He's talking about performing a social attack. He has to get on the premises and be allowed access to the ATM after first finding out the OS used in ATMs and presenting at a guess a 'CD-ROM' bootable USB stick? (I bet they're running Windows!).

I can't believe that the ATM door key can just be bought over the Internet.
Gaping big security hole - the IT security design staff at the ATM manufacturers should be all fired.


Erica Naone

70 Comments

  • 558 Days Ago
  • 08/06/2010

Re: Social attacking is the hard bit

He did say they were running Windows.

He did three attacks--one of which requires physical access as you describe, but two of which do not.
