Barnaby Jack, an information
security expert, indeed surprised us with his successful operation on making an
ATM spew money at the Black Hat security conference
Jack managed to do it just by clicking a button, however his study process is not so easy. Two years ago, Barnaby Jack, has bought two ATMs from different vendors, then he has spent nearly two years on security vulnerabilities which is the most vulnerable to attack. At last, he is surprised the result, only one key matched, could deal with all of the same kind of ATMs which are made from the same vendor. Thus, with the key, a cracker disk could be embedded in an ATM, so hacker is able to hit the Jackpot in the breeze.
Additionally, Jack demonstrated another crack method he has found – attack ATM maker’s remote management software by hooking up modems. By doing this, hackers could manage to make ATM spit out money remotely even without personal appearance at all.
Jack said he didn’t think he’d be able to break the ATMs when he first started probing them. “My reaction was, ‘this is the game-over vulnerability right here," he said of the remote hack. “Every ATM I’ve looked at, I’ve been able to find a flaw in. It’s a scary thing.”
“Most people tend to ignore the fact that a lot of today’s devices and machines are running fairly standard computers and operating systems internally. ATM machines, cars, medical devices, even your TV may have such a computer inside, allowing updates over a network. Software unfortunately has flaws.” he said. Even more, the expert indicated that although he did not find the way to attack ATMs inside a bank, but the ones which are stored in a supermarket or bazaar could be spewed money so easily that even a kid is capable to manage it.
Undeniably, Barnaby Jack’s showtime is a highlight at the conference despite he did not show operation details. “It’s time to give these devices an overhaul,” Jack said. “Companies who manufacture the devices aren’t Microsoft. They haven’t had 10 years of continual attacks against them.”
Tulisan Terkait