BlackHat 2010 – Jackpotting Automated Teller Machines [Barnaby Jack]

Owning the ATM:

ATM’s, we use them everyday. Need some cash? Insert card, receive money. Simple. Automated teller machines are not something  you really think about getting hacked. Sure you may have heard of card skimmers, collecting credit card numbers, but this is far more nefarious.

Every  once in a while you see a demonstration at these kinds of events that just blows your mind. This was one of those instances. Hackers now have the ability to remotely jackpot ATM machines. This means that with the push of a button a hacker can make cash start pouring out of an ATM, just like in the movies.

The whole act is done by taking advantage of a design flaw in the system, machines being able to run unsigned executables. The presenter also released two new tools to help make the process easier, Scrooge, a rootkit that installs on the ATM, and Dillinger, the remote management system to control them. The rootkit installs on machines made by Triton and Tranax, two of the largest names in ATM production. Both vendors have released patches for their systems, but just like people’s home computers, not everyone updates their machines.

At the press conference after the presentation, Barnaby divulged more details of how the hack is performed. We also had a chance to talk to the VP of engineering for Triton and hear about what they have done to prevent these kinds of attacks.

In short, the solution is for end users to patch their system. They should also replace the lock on their unit with a unique lock to prevent walk by firmware replacement, as by default it comes with a lock that works off of a generic master key.

Stay tuned to TechwareLabs for more coverage of Black Hat 2010.