
Black Hat: Hacker Tricks ATMs Into Raining Cash

By Joseph F. Kovar, CRN
July 28, 2010    7:07 PM ET

Security researcher Barnaby Jack on Wednesday showed how easy it can be to trigger a waterfall of cash from a standard bank ATM using readily available software applications.

In a presentation at the Black Hat USA 2010 conference in Las Vegas, Jack, director of research at IOActive, a Seattle-based security consulting company, used software to trick two standard ATMs into spitting out wads of cash while displaying "jackpot" on the screens.

According to a Wednesday report from VentureBeat, Jack was able to hack two ATMs built around the Windows CE operating system and either ARM or XScale processors.

He did so by using a common universal key and a USB stick to load a rootkit software application, along with another program to take over the ATMs. Jack claims to have hacked at least four different ATMs, a couple of which have since been patched, VentureBeat said.

Jack also disclosed a couple of easy countermeasures to his hack, including physical locks with unique keys on the ATMs to stop thieves from easily accessing the machines. Vendors should also use a trusted software environment to prevent software hacks, VentureBeat said.

In Jack's description of his presentation on the Black Hat 2010 Website, he says he was originally scheduled to give his ATM hacking demo last year, but the talk was pulled at the last minute "due to circumstances beyond my control."

Jack also notes that most ATM attacks depend on external devices to skim data from customers' ATM cards, or on physically removing the ATMs to steal the cash, and that attacking the ATM software is rare.

However, Jack noted that this scenario was featured in one of Hollywood's most famous films.

"I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I've got that kid beat," he wrote.

