Hacker Breaks ATM Security

CheeseMan42 - July 29, 2010 08:34PM in Trade Shows/Conventions

At the Black Hat security conference, Barnaby Jack demonstrated two ways to get money from an ATM machine. These exploits can be done in person or remotely. One exploit requires a master key and to be at the ATM machine. The other involves connecting remotely to do your dirty work. In the latter method, the remote authentication is bypassed and a rootkit, named Scrooge, is installed. Another tool, Dillinger, allows him to keep track of compromised machines and the people who use them. Criminals can find the vulnerable machines through war-dialling, to find which machines respond. The hack had been discovered last year, but ATM vendors asked Jack to hold off until they were able to patch the vulnerability.