ATMs vulnerable to hackers

By Reuters
Boston, 28 Jun 2010

A security expert has identified flaws in the design of some automated teller machines that make them vulnerable to hackers, who could make the ubiquitous cash dispensers spit out their cash holdings.

Barnaby Jack, head of research at Seattle-based security firm IOActive Labs, will demonstrate methods for "jackpotting" ATMs at the Black Hat security conference in Las Vegas, which starts on 28 July.

"ATMs are not as secure as we would like them to be," Jeff Moss, founder of the Black Hat conference and a member of President Obama's Homeland Security Advisory Council, said. "Barnaby has a number of different attacks that make all the money come out."

Jack declined to discuss his techniques before the conference. The world's biggest ATM manufacturers include Diebold and NCR. Officials with those companies could not be reached for comment.

Banks may cringe when he speaks, fearing would-be crooks will adopt his methods. But Moss said going public will raise awareness of the problem among ATM operators and prompt them to tighten security.

One potential route of attack is via communications ports that are sometimes accessible from outside an ATM, Moss said.

"You want everybody to know there are possible ways to jackpot these machines, so they will go and get their machines updated," he said.

Joe Grand, a hardware security expert, said he was not surprised to learn of Jack's research.

"People are starting to realise that hardware products do have security vulnerabilities. Parking meters, ATMs, everything that has electronics in it can be broken," Grand said. "A lot of times a hardware product is just a computer in a different shell."
