Security guru demonstrates ATM machine hack
By Declan McCullagh, CNET News, 30 July, 2010 08:41
Barnaby Jack, director of security testing at Seattle-based IOActive, hacked an ATM machine at the Black Hat conference in Las Vegas, forcing the machine to spew out its cash.
“I hope to change the way people look at devices that from the outside are seemingly impenetrable,” said Jack, a New Zealand native who lives in the San Jose area. One vulnerability he demonstrated even allows a hacker to connect to the cash point through a telephone modem and, without knowing a password, instantly force it to disgorge its entire supply of cash.
Jack said he bought the pair of stand-alone ATMs — one manufactured by Tranax Technologies and the other by Triton — over the internet and then spent years poring over the code. The vulnerabilities and programming errors he unearthed during that process, Jack said, let him gain complete access to those machines and learn techniques that can be used to open the built-in safes of many others made by the same companies.
For more on this ZDNet UK selected story, see Security researcher demonstrates ATM hacking on CNET News.
“I hope this can inspire those in my class to step into the security field. I believe security is something that everyone needs and whichever economic downturn will not affect the security industry much. With more and more complicated network infrastructures that we have nowadays, security is something that is certainly not up to standard to uphold these infrastructures. The world needs security talents, and we really lacked them, especially in Singapore.”- Bob the IT Geek