Researcher shows off ATM 'jackpot' hacks

Researcher shows off ATM 'jackpot' hacks

A security researcher has demonstrated two hacks on ATMs, forcing the machines to spew out cash, at the Black Hat conference in Las Vegas.

Barnaby Jack, a researcher at security firm IOActive, was forced to pull his demonstration at the event last year after the cash machine manufacturer called for more time to find patches.

This year he went ahead with the exhibition, hacking ATMs from Triton and Tranax - both of which run on Microsoft's Windows C.

To 'jackpot' the Triton machine he used a key available for sale online to open it up and install a USB containing malware which forced it to spew out all its notes.

The Tranax ATM was hacked through a vulnerability in its remote monitoring system which enabled him to exploit software that uses the Internet or phone lines to take control of it. He then uploaded code forcing the machine to spit out all of its cash and letting him view administrative passwords and account PINs.

"I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I've got that kid beat," says Jack.

Triton and Tranax have both issued fixes for the vulnerabilities.

Comments: (0)