Sabkush Headlines: How to Make an ATM Spit Out Money

Sabkush Headlines: How to Make an ATM Spit Out Money

How to Make an ATM Spit Out Money

Barnaby Jack, who is director of research at IOActive Labs, made cash pour from a machine for minutes on end. After studying four different companies models, he said, "every ATM Ive looked at, Ive found a game over vulnerability that allowed me to get cash from the machine." Hes even identified an Internet-based attack that requires no physical access. The same talk was supposed to take place at last years Black Hatconference, but it was pulled at the last moment. In his presentation, which did not reveal the exact details of how he performed the attacks, Jack named two vendors--Triton and Tranax--and said he had been in contact with both about fixing the problems. Jack demonstrated the attacks on two ATMs that he bought online and drove to Las Vegas from his companys headquarters in San Jose. The hardware kit that he used in the demonstration cost less than $100 to make. Story continues below In one part of his presentation, he demonstrated a way for a thief to gain physical access to the ATM made by Triton. The devices main circuit, or motherboard, is protected only by a door with a lock that is relatively easy to open (Jack was able to buy a key online). He then used a USB port on the motherboard to upload his own software, which changed thedevices display, played a tune, and made the machine spit out money.