ATM security flaws could be a jackpot for hackers

BOSTON | Fri Jun 25, 2010 2:42pm EDT

BOSTON (Reuters) - A security expert has identified flaws in the design of some automated teller machines that make them vulnerable to hackers, who could make the ubiquitous cash dispensers spit out their cash holdings.

Barnaby Jack, head of research at Seattle-based security firm IOActive Labs, will demonstrate methods for "jackpotting" ATMs at the Black Hat security conference in Las Vegas that starts on July 28.

"ATMs are not as secure as we would like them to be," Jeff Moss, founder of the Black Hat conference and a member of President Obama's Homeland Security Advisory Council, said. "Barnaby has a number of different attacks that make all the money come out."

Jack declined to discuss his techniques before the conference. The world's biggest ATM manufacturers include Diebold Inc and NCR Corp. Officials with those companies could not be reached for comment.

Banks may cringe when he speaks, fearing would-be crooks will adopt his methods. But Moss said that going public will raise awareness of the problem among ATM operators and prompt them to tighten security.

One potential route of attack is via communications ports that are sometimes accessible from outside an ATM, Moss said.

"You want everybody to know there are possible ways to jackpot these machines, so they will go and get their machines updated," he said.

Joe Grand, a hardware security expert, said he was not surprised to learn of Jack's research.

"People are starting to realize that hardware products do have security vulnerabilities. Parking meters, ATMs, everything that has electronics in it can be broken," Grand said. "A lot of times a hardware product is just a computer in a different shell."

(Reporting by Jim Finkle, editing by Leslie Gevirtz)

Comments (5)
thecanimal wrote:
This is another racist attack on the Obama Administration.

Jun 25, 2010 3:10pm EDT
AsianPrince wrote:
This is wonderful news for Diebold and NCR. Now they can sell new “improved” ATMs to all the banks. Barnaby Jack will receive a large kickback from them.

Jun 25, 2010 3:24pm EDT
knut wrote:
Tell me something I do not know…
As long as the ATM runs Windows, the sockets stay “lingering” and are wide open for everyone to connect to them. It is described in BSD 4.2 sockets() – Thanks to Microsoft laziness.

Jun 25, 2010 6:27pm EDT