July 28, 2010
ATM manufacturers must use knowledge gained from an ethical hacker who discovered a way to force off-premise ATMs to dispense vault cash without PINs, said Mike Lee, CEO of the ATM Industry Association.
“This type of research conducted by professionals like [Barnaby] Jack should be leveraged by our industry to improve ATM Security,” Lee said. “Even though we have produced a whole set of ATM guidelines, we are always looking to raise awareness to continuously improve security of the ATM channel in a global environment that is faced with an evolving risk of fraud.”
During the Black Hat conference yesterday in Las Vegas, Jack, who is director of security research at IOActive Inc. in Seattle, demonstrated how he forced three ATMs to dispense funds by exploiting weaknesses in the computers that operate the machines.
Jack purchased machines online from different manufacturers. He discovered that, for a given model, the physical key was the same on every ATM of that model the manufacturer produced.
He used the keys to unlock a compartment of the ATM that had standard USB slots. He then inserted a program he wrote for one of the machines, commanding it to dispense all of its vault cash.
Jack also hacked ATMs by exploiting a weakness in the way ATM manufacturers communicate with the machines over the Internet: outsiders are able to bypass the password requirement, he said. This type of attack is considered especially dangerous because the attacker can gain full control of the ATM without physically opening it.
Jack taught industry officials an important lesson, Lee said.
“Independent Black Hat security briefings remind industry practitioners to stay vigilant, especially in regard to new and emerging threats,” he added.
The ATM Industry Association, founded in 1997, is a global non-profit trade association with over 10,500 members in 65 countries. The membership base covers the full range of this worldwide industry comprising over 2.2 million installed ATMs.