12 December 2017

Cash machine 'jackpot' demo pulled at request of ATM vendor

01 July 2009

A security analyst scheduled to perform a live demo of an ATM cracking operation at a hacker's conference in Las Vegas has pulled out of the show after the cash machine manufacturer called for more time to protect bank customers from the vulnerability.

Barnaby Jack, a researcher with Juniper Networks, was to give a talk at the upcoming Black Hat conference showing how he could 'jackpot' a popular ATM brand by exploiting a vulnerability in its software.

The conference blurb for his presentation promised that Jack would "explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM".

However, the ATM vendor in question contacted his employer Juniper Networks and called for the talk to be pulled.

In a statement, Juniper says: "The affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected. Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research."

Earlier this week, analysts at Trustwave warned of the spread of a malware infection on Windows ATMs that enabled criminals to harvest card data and PIN codes via the machine's receipt printer. Analysts also discovered code indicating that the malware could eject the cash dispensing cassette.

Back in 2003, Diebold partnered with firewall vendor Sygate in an effort to protect its automated teller machines from future virus attacks after admitting that a computer worm had infected devices at two of its banking customers.

However, it issued an alert earlier this year warning that Russian hackers had installed rogue software on some Opteva ATMs in Russia and the Ukraine. The vendor said it would issue a security software update to address the risk and recommended urgent installation on all of its Windows ATMs globally.

Comments: (1)

A Finextra member | 02 July, 2009, 19:16

Black Hat had more information on the talk (now removed):

"Rarely do we see any targeted attacks on the underlying software. This presentation will retrace the steps I took to interface with, analyze, and find a vulnerability in a line of popular new ATMs."

My guess is he was going to exploit the Hardware Security Module.
