acm-header
Sign In

Communications of the ACM

ACM TechNews

NFC Flaws Let Researchers Hack ATMs by Waving a Phone


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
ATMs.

Josep Rodriguez, a researcher and consultant at security firm IOActive, has built an Android app that allows his smartphone to mimic credit card radio communications and exploit flaws in ATMs' system firmware.

Credit: Dennis Wong/Creative Commons

An Android app developed by IOActive's Josep Rodriguez exploits flaws in near-field communication (NFC) systems, enabling ATMs and a variety of point-of-sale terminals to be hacked by waving a smartphone over a contactless credit card reader.

Rodriguez said his app was able to force at least one ATM brand to dispense cash, but only in combination with other flaws in the ATM's software.

The researcher added that the point-of-sale vulnerabilities allow you to "modify the firmware and change the price to $1, for instance, even when the screen shows that you're paying $50. You can make the device useless, or install a kind of ransomware. There are a lot of possibilities here."

The findings have been disclosed to the affected vendors, but Rodriguez acknowledged that physically patching hundreds of thousands of affected terminals and ATMs "would require a lot of time."

From Wired
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account