Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

An attack was also performed on the Tranax device, which is designed to accept software upgrades over an Internet phone link. Jack showed that a vulnerability in the machine’s software allowed him to bypass its authentication system and break in remotely.

Jack said it is possible to find ATMs by using a computer to call one phone number after another; he was able to locate numerous machines within a couple of hours by searching through a 10,000-number exchange. An attacker could then exploit the software vulnerability to install control software known as a rootkit. To withdraw money, the attacker would visit the ATM later with a fake card or steal information from other users.

Jack urged manufacturers to improve the physical locks protecting ATM motherboards and disable the ability to upgrade firmware remotely. He also suggested that the devices’ code be reviewed thoroughly. “I want to change the way people look at devices that are seemingly impenetrable,” he said.

Bob Douglas, vice president of engineering at Triton, said the company has developed a defense against Jack’s attack. The fix was released in November of last year, but Douglas couldn’t say what percentage of customers had implemented it. He added that the company plans to review its code and does sell ATMs with the option for a higher-security lock. Jack said he’s also been in touch with Tranax about the vulnerabilities he found in its machines.

6 comments. Share your thoughts »

Credit: Erica Naone/Technology Review
Video by Erica Naone, edited by Brittany Sauser

Tagged: Computing, security, hackers, Black Hat, hacking, hardware hacks

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me