11:06 At the conference black hat hackers have shown a new way to hack ATMs | |
Actually, the word "hacker" is used here in a positive context, without implying a malicious programmer. Just the opposite - an expert on network security Barnaby Jack learned to break into ATM machines to indicate the main developers of the vulnerability of the system. In general, Jack found a simple way to learn how to hack ATM machines (which is probably dreaming every other teenager) - he just bought at auction two ATMs from two different manufacturers, Tranax Technologies and Triton. According to Jack, after he spent a year studying hardware and software of these devices. Now he can extract from any ATM he studied models of bills as long as they do not end at the ATM. In general, outwardly it looks even easier than in the movie "Terminator 2" (yes, I know that this is just a trick of the director, this way you can not hack an ATM). So, the hacker has presented two ways to hack ATM machines - the first allows you to log in via a telephone modem, and the second method allows you to retrieve notes without having to enter a password for your credit card. Jack assures that the vulnerabilities found them very critical, but information about them is transferred to producers. In the case of ATM Tranax, a hacker found a vulnerability-critical remote access, which allows you to gain full access to the system without having to enter a password. To exploit the vulnerability was written by the corresponding exploit, which was named Dillinger. Accordingly, for the second type of ATM was written by another exploit - Scrooge. The first exploit allows you to use a vulnerability in the remote access technology to the ATM. The second - a rootkit, which has introduced a system of backdoor, not shown in the list of running applications. You can call it by entering a combination of keystrokes or a specially made card. By the way, ATM from Triton does not have the vulnerability of remote access (at least, the hacker could not find it). But here's the hardware of this device - is standard, and a motherboard that provides access to your money is protected by a standard key, bought Jack for $ 10 online. In general, all this has allowed a hacker to install the backdoor on the system as a system upgrade. For more information, unfortunately, is not available, the hacker is not laid out their own experience in sharing. By the way, after his conversion to the producers, management Triton reacted quickly, efficiently install the updates that close the vulnerability. But Tranax yet remained silent. By the way, Jack was supposed to speak once at the last conference, but his performance was canceled at the last minute due to some sort of technical overlap. Interestingly, most of these manufacturers of ATMs that are installed in public places, have no protection against the vulnerabilities discovered by Jack. But the new ATMs are supplied already closed "holes." Source. | |
|
| |
| Total comments: 0 | |