Hacker Figures Out How To Make ATM Spew Cash, Tells The World About It

In need of extra cash? Who isn't, right? If you're a smart hacker, you may be able to make a small fortune by simply tricking an ATM or two into spitting out money for you. We know that sounds crazy, and it certainly is, but it's true nonetheless. At the annual Black Hat conference -- where hackers and security experts gather to make public certain loopholes in order to encourage companies to fix them -- Barnaby Jack was able to demonstrate how he could trick an ATM into spitting out all of its cash, and more.

The hacker spent two full years perfecting the ruse, which applied to the ATMs found often in front of convenience stores. The goal was to find a way to take control of the ATM by "exploiting weaknesses in the computers that run the machines," but unlike malicious hackers, his goal was to make this information public so that companies making them would take notice and close up these holes for thieves to exploit. 


His demonstration was one of the most widely viewed at the show, mostly because it affects a wide variety of ATMs and has the potential to really cause a lot of havoc. This is definitely an easy way to snatch cash -- far easier than robbing a bank -- and if this information fell into the wrong hands, it could really spell trouble. He was supposed to showcase this last year, but out of a fear that ATM makers couldn't close the loopholes in time, he delayed it until this year and spent the last 12 months finding even more holes.

He noticed that "the physical keys that came with his machines were the same for all ATMs of that type made by that manufacturer," so there's an easy way to get inside right there. Once you're in, he used the key to "unlock a compartment in the ATM that had standard USB slots. He inserted a program he had written into one of them, commanding the ATM to dump its vaults. — He hacked into the machines by exploiting weaknesses in the way ATM makers communicate with the machines over the Internet."

Follow the link below for the full report; it's definitely an interesting read.

blog comments powered by Disqus