ATM Security – Barnaby Jack Shows How Vulnerable It Can Be

So much of our everyday life is connected to a network that networks turn up even in the places we least expect them.

Due to the internet, we see and use networks everywhere and this is not going to change anytime soon.

One place in our daily lives where we see networks is when we use ATMs.

Hooking the machines to the internet allows them to be placed in many more locations at a cheaper rate, but the same connection that makes them easy to deploy also makes them more vulnerable.

Over the last couple of years, there have been many hackers who have shown how vulnerable the machines were.

During the Black Hat 2010 conference, their vulnerability was once again on display.

How Were The ATMs Compromised?

During this year’s demonstration, a hacker named Barnaby Jack showed two different ways in which he was able to take control of an ATM.

During the first demonstration, he used a USB key to take control of the machine.

He did this by rewriting the machine’s firmware.

If you are not aware of how machines work, the firmware is the code, held on a piece of hardware inside the computer, that tells the machine how to work.

It is supposed to be permanent; only certain machines have rewritable firmware.

In the case of the ATMs, he was able to bypass the machines’ security measures and rewrite the firmware.

The second way he was able to penetrate the security of the machines was through the internet.

This is known as a remote exploit, and an ATM that allows this kind of exploit would be very dangerous if the information about how to do it ever got out.

With the remote exploit, he was able to access the target machine through the internet and cause it to spit play money onto the stage.

Both of these attacks are bad, but the second has a lot more security implications.

How Serious Are These Attacks?

Both of these attacks could be very serious if the information were ever to get out.

If a bad guy had been able to use the attack before the security researcher found it and exposed it, he could possibly have done a lot of economic damage before someone was able to stop him.

Luckily, the exploit was exposed and the vendors were told before the talk was given.

This gave them plenty of time to fix the problem.

Since the internet is everywhere these days, we have to give a lot of thought to the security of everything that is connected to it.

There will be no shortage of people who are trying to find holes in these systems.

The good guys must find them first so that the bad guys are not able to exploit them.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


