ATM Hacking Techniques Revealed at BlackHat

ATM Hacking has been popular for years. With some nasty tricks, it had been easy to hack into most ATM systems.

But as the time evolved, those methods became obsolete and hardly few of those  hacks still persist and the ones that remain in sight are relative harder and un-popular.

With the latest Hack, as demoed at BlackHat conference, it can get pretty easy. Barnaby Jack, director of security testing at Seattle-based IOActive,  brought two ATMs onto the Black Hat conference stage and demonstrated that with a press of a button, ATM machine is spits out its cash till the last one in the Pile.

“I hope to change the way people look at devices that from the outside are seemingly impenetrable,” said Jack. He demonstrated a hack that allows the hacker to connect to the ATM through a telephone modem and, without knowing a password, instantly force it to bankrupt the ATM machine.

How the Hacking started

Initially, in order to kick start hacking, Jack said that he had bought a pair of standalone ATMs–one from  Tranax Technologies (yea, its not Taranfx) and the other by Triton. His study yielded success in within few years, during which he discoverred Vulnerabilities that had let him gain complete access to those machines.

Jack seems to be so confident about his technique that he said, “Every ATM I’ve looked at, I’ve found a game-over vulnerability that allows an attacker to get cash from the machine” .

On the good note, he had been an Ethical hacker and hence had brought up vulnerabilties to the notice of both ATM companies and was fixed an year ago. However, theres a twist to the tstory. These updates were pushed to ATMs which had been under support from the companies, not every ATM had been updated, hence,  a large number of the machines remain vulnerable.

Hacking ATMs: Now & then

Hacking ATMs had been popular under two techniques known as “card skimming” and “card trapping” which are now relatively uncommon coz these electronic cash-extraction techniques were limited because they didn’t rely on a deep analysis of an ATM’s code.

We got to knew what exactly happened when Cybercriminals hacked into Bank ATMs in Eastern Europe.

Most modern ATMs run on Windows CE with an ARM processor and use a dialup or leased-line connection to connect to the other branches over the interent/Intranet VPNs, ost of which is through a serial port connection. Jack used standard debugging techniques to interrupt the normal boot process and instead start Internet Explorer, and using some nasty IE hacks, he got access to the file system for copying off the files for analysis.

A remote access vulnerability was found to occur on Taranax ATMs, that allows full access to the machine, without password. The Hack uses two softwares: a utility called Dillinger, which attacks an ATM remotely, and one called Scrooge, a rootkit that inserts a backdoor and then conceals itself from discovery. Scrooge “hides itself from the process list, hides itself from the operating system, there’s a hidden pop-up menu that can be activated by a special key sequence or a custom card.”

For Triton’s ATMs, scenario was different. PC motherboard that dispenses cash from the vault was protected only by a standard (shared) key that could be purchased over the Internet for about $10. So Jack found out that he could force the machine to accept his backdoor-enabled software as a legitimate update, which then can do the damage thats irreversible.

Both companies have responded to the hacks, but necessary actions may still not have been taken place to fix all the machines. I just hope someone takes care of this sometime soon.

The difficult part in hacking the ATMs is evaluating the software for vulnerabilities, but once some one like Jack  creates it, its a childsplay to empty the machine.

We write about GoogleTwitter, SecurityOpen SourceProgrammingWebAppleiPhone,Android and latest in Tech @taranfx on Twitter or by subscribing below:

VN:F [1.9.22_1171]
Rating: 6.5/10 (22 votes cast)
VN:F [1.9.22_1171]
Rating: +5 (from 11 votes)
ATM Hacking Techniques Revealed at BlackHat, 6.5 out of 10 based on 22 ratings

Related Posts

Bookmark and Promote!

  • Www Rayford_thomas

    try listening to- one track heart-by the artist( elvis presley)

    VA:F [1.9.22_1171]
    Rating: 3.0/5 (2 votes cast)
    VA:F [1.9.22_1171]
    Rating: +1 (from 1 vote)
  • John White Jnr

    Hello friend, i want to share my testimony on how i got my BLANK ATM
    card which have change my life today. i was once living on the street
    where by things were so hard for me, even to pay off my bills was very
    difficult for me i have to park off my apartment and start sleeping on
    the street of Vegas. i tried all i could do to secure a job but all went
    in vain because i was from the black side of America. so i decided to
    browse through on my phone for jobs online where i got an advert on
    Hackers advertising a Blank ATM card which can be used to hack any ATM
    Machine all over the world, i never thought this could be real because
    most advert on the internet are based on fraud, so i decided to give
    this a try and look where it will lead me to if it can change my life
    for good. i contacted this hackers and they told me they are from
    Australia and also they have branch all over the world in which they use
    in developing there ATM CARDS, this is real and not a scam it have help
    me out. to cut the story short this men who were geeks and also experts
    at ATM repairs, programming and execution who taught me various tips
    and tricks about breaking into an ATM Machine with a Blank ATM card.i
    applied for the Blank ATM card and it was delivered to me within 3 days
    and i did as i was told to and today my life have change from a street
    walker to my house, there is no ATM MACHINES this BLANK ATM CARD CANNOT
    penetrate into it because it have been programmed with various tools and
    software before it will be send to you. my life have really change and i
    want to share this to the world, i know this is illegal but also a
    smart way of living Big because the government cannot help us so we have
    to help our self. if you also want this BLANK ATM CARD i want you to
    contact the Hackers email on ANDREWMODRIC@OUTLOOK.COM and you life will
    never remain the same email ANDREWMODRIC@OUTLOOK.COM

    EMAIL .. ANDREWMODRIC@OUTLOOK.COM .. TO HAVE YOURS………….

    VA:F [1.9.22_1171]
    Rating: 1.0/5 (1 vote cast)
    VA:F [1.9.22_1171]
    Rating: +2 (from 2 votes)
  • george donald

    GET
    THE BLANK ATM CARD AND BECOME RICH

    Hackers with the above email ( hackerslord94@gmail.com ) is at it again!! Cool
    way to have financial freedom!!! Are you tired of living a poor life; here is
    the

    opportunity you have been waiting for. This is a testimony that I myself

    have experience and I can tell us it is 100% real. Get the new ATM

    BLANK CARD that can hack any ATM MACHINE and withdraw money from any

    account. You do not require anybody’s account number before you can use

    it. Although you and I knows that it’s illegal, there is no risk using

    it. It has SPECIAL FEATURES, that makes the machine unable to detect this very
    card and its transaction is can’t be traced.You can use it anywhere in the
    world. With this card, you can withdraw nothing less than $2500 a day. So far I
    have been able to withdraw $45,000. I don’t know why am posting this but I
    believe it can help someone else in need of money. To get the card, reach the
    hackers via email address: hackerslord94@gmail.com

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: +1 (from 1 vote)
  • bird smith

    Hello friend’s get rich in less than 3day’s It all depends on how fast you can be to get the new PROGRAMMED blank ATM card that is capable of hacking into any ATM machine,anywhere in the world. I got to know about this BLANK ATM CARD when I was searching for job online about a month ago..It has really changed my life for good and now I can say I¿m rich and I can never be poor again. The least money I get in a day with it is about $50,000.(fifty thousand USD) Every now and then I keeping pumping money into my account. Though is illegal,there is no risk of being caught ,because it has been programmed in such a way that it is not traceable,it good¿Love you all ¿contact them now, the email address again is : blankatmcreator21@gmail.com

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: +1 (from 1 vote)
  • Anderson Wood

    Nobody will complain if all their comments are real or either if the Blank card producers as they claim are real as YANDEX HACKING(yan.hacking@yandex.com). Scared as usual not to be scammed again, being rational is better than to be scammed. I thought YANDEX HACKING(yan.hacking@yandex.com) where scammers until I got my blank card I requested.

    YANDEX HACKING, Please you have to improve on the security because the ATM Machine always beeps whenever I slot in the card. I hope it is not alerting the securities in the bank? Am scared Anderson Wood

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • Lorretha Cairo

    Fred, I thought you where scam working with sourcecodeATMhackers. Hehehe. It is not my fault since am trying not to fall in the hands of scammers again having been scammed 4 times. Thank your for help by replying to my mail when I wrote to confirm all you where saying is real before I contacted sourcecodeATMhackers for the Blank Card. I got it in 3 days. Well I was wondering why I could withdraw only $1,700 daily instead of $6,000 daily which I was told. Anyway thank you and I have forgotten my past now which those heartless scammers parading their selves as hackers has caused me. I recommend SourcecodeATMhackers

    sourcecodeatmhackers@gmail.com for everyone who needs this blank card. Bust me on my mail lorrethacairo@outlook.com if you want to clear any doubt. Lorretha Cairo is my name residing in France.

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • Fred Claud

    Well, who would have believed this. When I saw a comment by one Miguel Conner, I thought it was one of the Scammers ways to convince someone. Looking at his comment, I saw an element of doubt since he was telling stories. Well I did it 50/50 which means I can’t lose my money to any scammer again. I contacted the email on the testimony of Miguel Conner (sourcecodeatmhackers@gmail.com) and I was replied immediately. I was shocked but I didn’t lose my stand. I asked them to give me proof to be sure they are not scammers like others that I have met before and they sent me a proof. Then I requested to get my card which they sent to me in Germany in just 3 days. Am happy now because I have recovered my cash I lost to scammers. My first withdrawal was $10,000 and I couldn’t believe my eyes until I confirmed their word which says that I can withdraw up $63,000 in a month. SourcecodeATMhackers are real because I got my card in just 3 days when I requested for one. Contact their mail (sourcecodeatmhackers@gmail.com ) for yours. They didn’t scam me.

    Fred Claud is my name and if you are scared, please reach me through my mail fred_claud@yahoo.com.

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • Lee Js

    HAVE YOU EVER WONDER IF YOU CAN HACK INTO AN ATM MACHINE? OH YES YOU CAN!!!
    You can hack and break into any bank’s or Secured ATM Machine without carrying guns or any weapon. It is simple!!! I say why don’t we tapped from those government money too?

    To hack this machine We have develop and programmed a special blank ATM Card which you can use in any ATM Machine around the world. This ATM card has been programmed and can withdraw $5000 USD in a day for one week in any currency!!! The card will make the security camera malfunction at that particular time until you are done with the transaction you can never be trace. Be wise and make use of this opportunity as soon as you can!!!

    YOU REALLY WANT TO GET THIS CARD AND GET RICHER???
    We receive tones of email daily because this has become so demanding, but we are working hard to satisfy everyone who comes to us.

    Contact Us Today Via: ANDREWMODRIC@OUTLOOK.COM

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • Brenna Helen

    Get a blank ATM CARD and cash good money/funds directly today in any ATM machine around you anywhere in the world. It’s 100% guaranteed secure with no worries of being caught because the blank card it’s already programmed and loaded with good funds in it, in such a way that’s not traceable which also have a technique that makes it impossible for the CCTV to detect you, so get the blank ATM CARD today at our email address: atmblankcardfunds@gmail.com and make good money today…

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
© 2016 Geeknizer. All rights reserved. XHTML / CSS Valid.
Designed by taranfx.