Sign In

Communications of the ACM

ACM TechNews

Flaw Opens Atms to Hackers


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
ATM

Credit: Delaware National Bank of DehliA

Juniper security researcher Barnaby Jack canceled plans for a live demonstration of the insecurity of automatic teller machines (ATMs) at the upcoming Black Hat Security Conference due to pressure from ATM manufacturers and concerns that some vulnerabilities have not yet been fixed. "The vulnerability Barnaby was to discuss has far-reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and — ultimately — the public," says Juniper's Brendan Lewis. "To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk."

The presentation was going to focus on exploiting vulnerabilities in devices running the Windows CE operating system, including some ATMs. Many security experts are not surprised that the vulnerabilities exist. TrustWave's Nicholas Percoco says major flaws in cash machines and ATM networks are numerous.

ATMs have been the focus of a number of high-profile security incidents during the past 12 months, including the theft of nearly $9 million from more than 130 cash machines in only a few hours using fake payroll cards in 49 cities worldwide. In January, Diebold warned customers that certain cash machines in Eastern Europe had been loaded with malicious software capable of stealing financial information and customer PINs. Nearly 65 percent of ATMs in the United States run some form of the Windows operating system.

From Technology Review
View Full Article

 

Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA


 

No entries found