June 26, 2010

Hackers Target ATM Security Flaws

A design flaw found in some automated teller machines may make them vulnerable to hackers, who could make cash dispensing machines everywhere spit out their cash holdings, according to a security expert who discovered the defect.

Barnaby Jack, head of research for security firm IOActive Labs, plans to demonstrate how the ATM flaw can be manipulated by hackers at the Black Hat security conference in Las Vegas that begins July 28.

"ATMs are not as secure as we would like them to be," Jeff Moss, founder of the Black Hat conference and a member of President Obama's Homeland Security Advisory Council, told Reuters news. "Barnaby has a number of different attacks" that dispenses all money in an ATM.

Banks and other financial institutions may not want Jack to make his methods public, for fear of would-be crooks that could adopt his methods. But Moss said that going public would raise awareness of the issue and prompt ATM owners and operators to tighten their security.

Jack declined to discuss the techniques before the conference. But, one potential way for hackers to attack ATMs is via communications ports that are sometimes accessible from outside an ATM, Moss said.

"You want everybody to know there are possible ways to jackpot these machines, so they will go and get their machines updated," he said.

Joe Grand, a hardware security expert, told Reuters that he was not surprised to learn of Jack's findings.

"People are starting to realize that hardware products do have security vulnerabilities. Parking meters, ATMs, everything that has electronics in it can be broken," Grand said.


On the Net: