"Every ATM I've looked at, I've found a game-over vulnerability that allows an attacker to get cash from the machine," Jack said. The vulnerabilities and programming errors he unearthed during that process, Jack said, let him gain complete access to those machines and learn techniques that can be used to open the built-in safes of many others made by the same companies. Jack said he bought the pair of standalone ATMs-one manufactured by Tranax Technologies and the other by Triton-over the Internet and then spent years poring over the code. One vulnerability he demonstrated even allows a hacker to connect to the ATM through a telephone modem and, without knowing a password, instantly force it to disgorge its entire supply of cash. "I hope to change the way people look at devices that from the outside are seemingly impenetrable," said Jack, a New Zealand native who lives in the San Jose area.
With the right software, it's actually pretty easy.īarnaby Jack, director of security testing at Seattle-based IOActive, hauled two ATMs onto the Black Hat conference stage and demonstrated to a rapt audience the fond daydream of teenage hackers everywhere: pressing a button and having an automated teller machine spew out its cash until a pile of paper lay on the ground. LAS VEGAS-Hacking into an ATM isn't impossible, a security researcher showed Wednesday.
0 kommentar(er)
