A well-known computer hacker has demonstrated a piece of software at a conference that can be used to force ATMs to spit out cash.
Barnaby Jack, who spoke at the Las Vegas Black Hat conference late last week, said he spent over two years working with ATMs he purchased online. However, he pointed out these were independent machines, not the ones used in bank branches.
Jack, who is the director of security research for IOActive, demonstrated that he could steal money using two methods.
The first was to use a USB key uploaded with a program designed to bypass a password.
The second method was demonstrated by hacking machines over the internet. However, he refused to provide more detail because he didn’t want to “teach everybody how to hack ATMs. It’s to raise the issue and have ATM manufacturers be proactive about implementing fixes”.
“My reaction was, ‘this is the game-over vulnerability right here,’” he said of the remote hack. “Every ATM I’ve looked at, I’ve been able to find a flaw in. It’s a scary thing.”
After making two demonstration machines spit out money, the audience applauded. Jack also revealed he had been working with ATM manufacturers to help increase their security measures.
Patrick Stafford is a freelance journalist and a former deputy editor of SmartCompany.
