Computer security expert Barnaby Jack recently demonstrated how to get an ATM to spit money for minutes on end. Jack purchased some ATMs online for his research, and says the tools required to hack them cost less than $100.
According to Technology Review:
After studying four different companies' models, he said, "every ATM I've looked at, I've found a ‘game over' vulnerability that allowed me to get cash from the machine." He's even identified an Internet-based attack that requires no physical access.
Of course, Jack didn't reveal how exactly he hacked the machines… but he came pretty close. In one demonstration Black explained:
The device's main circuit, or motherboard, is protected only by a door with a lock that is relatively easy to open (Jack was able to buy a key online). He then used a USB port on the motherboard to upload his own software, which changed the device's display, played a tune, and made the machine spit out money [for several minutes].
Some ATMs remain very vulnerable to remote attacks as well, Jack explained, such as those designed to accept software upgrades over the Internet. For example, a hacker can circumvent an ATM authentication system by installing his or her own software, which the hacker could then exploit using someone else's information or a fake card.
Jack said he hoped the demonstration would spur manufacturers to make ATMs more secure. Maybe we're just cynical, but with every new lock or security measure, won't new hackers arise to bypass them?
Check out Tech Review's video about Jack's demonstration. The best bit-hacked ATM plays silly music and spits out money-starts at 1:15:
Image: flickr / thinkpanama
This post originally appeared on Discoblog, Discover's catalog of quirky, funny science news from the edge of the known universe.