Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Yesterday, during a flashy presentation at the Black Hat security conference in Las Vegas, a computer security expert showed several ways to break into ATMs.

Barnaby Jack, who is director of research at IOActive Labs, made cash pour from a machine for minutes on end. After studying four different companies’ models, he said, “every ATM I’ve looked at, I’ve found a ‘game over’ vulnerability that allowed me to get cash from the machine.” He’s even identified an Internet-based attack that requires no physical access.

The same talk was supposed to take place at last year’s Black Hat conference, but it was pulled at the last moment. In his presentation, which did not reveal the exact details of how he performed the attacks, Jack named two vendors–Triton and Tranax–and said he had been in contact with both about fixing the problems.

Jack demonstrated the attacks on two ATMs that he bought online and drove to Las Vegas from his company’s headquarters in San Jose. The hardware kit that he used in the demonstration cost less than $100 to make.

In one part of his presentation, he demonstrated a way for a thief to gain physical access to the ATM made by Triton. The device’s main circuit, or motherboard, is protected only by a door with a lock that is relatively easy to open (Jack was able to buy a key online). He then used a USB port on the motherboard to upload his own software, which changed the device’s display, played a tune, and made the machine spit out money.

6 comments. Share your thoughts »

Credit: Erica Naone/Technology Review
Video by Erica Naone, edited by Brittany Sauser

Tagged: Computing, security, hackers, Black Hat, hacking, hardware hacks

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me