Silicon Valley Security Expert Reveals ATM Hack

Barnaby Jack exposes security flaw

View Comments (
)
|
Email
|
Print

    NEWSLETTERS

    TK
    Getty Images
    ATM going paperless

    We've heard about ATM bandits who use a handgun and mask to rob unsuspecting bank clients and the ones who try yank the entire unit from the ground to get the cash. But it doesn't take a bold threat or crazy attempt to rob an ATM. Just ask Barnaby Jack.

    Jack, the security director for IOActive, spent two years messing around in his Silicon Valley apartment with ATMs he got online before figuring out the code that got them to spit out cash. He showed off his skills Wednesday at the Black Hat security conference in Las Vegas, a gathering devoted to exposing computer-related security flaws.

    Scroll down a bit and you can watch video of Jack's demo.

    Jack discovered that machines made by the same manufacturer can be all be accessed with the same physical keys. He used the key to get into a compartment where there was a USB slot then simply plugged in the program he wrote to get the machine to dump all its cash contents.

    Another danger Jack discovered is that the hack allows anyone to harvest the private data about anyone who uses the ATMs.

    He covered the brand names of the machines with stickers but the screen prompts revealed the units were made by Hayward-based Tranax Technologies.

    So far, the code only works for standalone machines, like the ones outside of gas stations.