August 15, 2010
Triton has issued a dramatic security alert to its customers after an ethical hacker figured out a way to get Triton ATMs to dispense all of their vault cash.
Triton’s notification includes a photo of a pistol that asks the question, “Are you playing Russian Roulette with your ATM?” The warning then goes on to say, “With thieves getting more creative about finding ways to get at other people’s money, ATM owners must be vigilant in keeping up to date with all of the available methods to protect against fraud attempts.”
The notification then uses seven bullet points — literal images of bullets — to further get customers’ attention. Three of the bullet points ask if customers have installed all recommended security patches, changed all default passwords and installed high-security locks on all of their ATMs.
Triton issued the warning after Barnaby Jack, director of security at IOActive Inc., a Seattle-based security firm, demonstrated during the Black Hat conference in Las Vegas how he forced three ATMs, including one made by Triton, to dispense all of the funds stored in their safes. In the case of Triton, Jack inserted a disk that took control of the computer that operated the machine.
After Jack’s demonstration, Mike Lee, CEO of the ATMIA, said, “This type of research conducted by professionals like Jack should be leveraged by our industry to improve ATMs. Even though we have produced a whole set of ATM guidelines, we are always looking to raise awareness to continuously improve security of the ATM channel in a global environment that is faced with an evolving risk of fraud.”
Jack purchased the ATMs online. After his effective demonstration, Triton and Hantle, formerly Tranax Technologies Inc., issued security warnings concerning “Jackpotting ATMs,” which occurs when a hacker gets an ATM to dispense all of its vault cash.
Triton’s security warning applied to any ATM with the X2 platform purchased before Nov. 15, 2009 and any Triton ATM with the X Scale platform, which is no longer in production. The security alert also applied to the Hantle 1700W, Hantle C4000 and Hantle 4000T.
Triton, which is based in Long Beach, Miss., last fall released a software update for ATM models built on the X2 platform. “The update employs digital signatures to prevent loading of unauthorized software onto Triton’s ATMs,” executives of the manufacturer said. Bob Douglas, Triton’s vice president of engineering and product development, said Jack purchased the ATMs on the Internet, and Triton’s security patch was not installed.
Although Triton’s initial warning was strong, its latest salvo is even stronger.
“I wanted to get their [customers’] attention,” said Douglas, who came up with the idea. “If customers support the security system as a whole, the network is more secure.” But clients often ignore some parts, he said.
He explained that MACing (applying a Message Authentication Code to each message), the second bullet point, has received very little reaction from industry officials. MACing prevents the hijacking of transactions between the host and the ATM, he said. “We sent out a bulletin in April 2009 about MACing and got very little response,” Douglas said.
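To show what the MACing control above protects against, here is an added example (not Triton’s code or protocol): a host signs a dispense authorisation with a keyed MAC and the ATM refuses any message whose MAC no longer matches. The message fields, the shared key and the use of HMAC-SHA256 are assumptions for illustration; the page does not describe Triton’s actual message format or MAC algorithm.

```python
"""Added example: MAC-protecting a host-to-ATM message (hypothetical format).

Constructed illustration of MACing. The field names and layout are invented,
and HMAC-SHA256 stands in for whatever scheme a real ATM host protocol uses.
"""
import hmac
import hashlib

# Constructed shared key. In practice a MAC key is provisioned into the ATM and
# the host out of band; it is never sent over the transaction channel.
MAC_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def canonical_bytes(msg: dict) -> bytes:
    """Serialise fields in a fixed order so host and ATM MAC identical bytes."""
    fields = ("terminal_id", "seq", "txn_type", "amount_cents", "account_hint")
    return "|".join(f"{k}={msg[k]}" for k in fields).encode("ascii")


def compute_mac(msg: dict, key: bytes = MAC_KEY) -> str:
    """Host side: tag the message with a MAC under the shared key."""
    return hmac.new(key, canonical_bytes(msg), hashlib.sha256).hexdigest()


def atm_accepts(msg: dict, mac: str, key: bytes = MAC_KEY) -> bool:
    """ATM side: recompute and compare in constant time before dispensing."""
    return hmac.compare_digest(compute_mac(msg, key), mac)


# Constructed host message approving a $40.00 withdrawal at terminal T001.
host_msg = {"terminal_id": "T001", "seq": 1042, "txn_type": "WITHDRAW_APPROVE",
            "amount_cents": 4000, "account_hint": "1234"}
host_mac = compute_mac(host_msg)

# The same message altered in transit: amount raised, MAC left as it was.
tampered = dict(host_msg, amount_cents=400000)


def demo() -> tuple:
    genuine = atm_accepts(host_msg, host_mac)   # True: untouched message
    altered = atm_accepts(tampered, host_mac)   # False: fields changed
    forged = atm_accepts(host_msg, "00" * 32)   # False: MAC made up without key
    return genuine, altered, forged


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```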