Black Hat Conference Shows ATM ‘Jackpotting’
Researcher Barnaby Jack demonstrated two hacking ways for automated teller machines to churn out dozens of bills.
One method involves remotely programming an ATM over a network, while the other one required him to open the machine’s front panel where he can plug in a malware-loaded USB stick.
In this demonstration, the ATM at the conference spewed out dozens after dozens of crisp dollar bills.
According to Wired.com, Jack, IOActive Labs security research director, focused his hack research on standalone and hole-in-the-wall ATMs “he kind installed in retail outlets and restaurants. He did not rule out that bank ATMs could have similar vulnerabilities, though he hasn’t yet examined them.”
For the demonstration during the Black Hat conference, Jack hacked the ATM systems by Triton and Tranax.
In hacking Tranax’s system, the researcher took advantage of the system’s authentication bypass vulnerability which he found in the system’s remote monitoring feature.
Meanwhile, in attacking the Triton system, Wired.com said Jack took advantage of a “security flaw that allowed unauthorized programs to execute on the system. The company distributed a patch last November so that only digitally signed code can run on them.”