Antiquated ATMs are easy pickings for "jackpotting" by fraudsters


#1

[Permalink]


#2

It reminds me of that scene in Terminator 2 where the young John Connor steals cash from an ATM with a portable computer. I was so impressed! A portable computer!


#3

Uh, it’s possible that the WinXP machines ARE being updated. Microsoft is providing updates for those customer who have paid $$$$.


#4

It is indeed, and if you read the original on Brian Krebs’s website this point is made. However the problem is that they are relying on “the customer” to pay for security in the first place. There is no concept that these items need to ship safe and need to be usable safely.

In this particular case OS insecurity is not the primary culprit but physical insecurity of the ATM machines which allow access to USB and CD Rom. That a kiosk device of any sort, let alone one capable of being jackpotted, ships with a BIOS capable of booting from USB or CD is shocking.


#5

Dang, that was the point I wanted to add: these weren’t “lack of updates” security breaches, there were “the reason this computer is pwned, if because the bad guys have physical access to the box” breaches.

Even a fully patched Win8 or MacOS machine would be vulnerable. I’d say, even a boot-protected machine. There’s almost always a way.


#6

Just out of curiosity are there any Win8 or OSX based ATMs? I’ve run across a TON of WinXP based ones, but never another stock OS other then a odd handful of Linux ones, at least as far as I was aware of. I’m always fascinated with this sort of thing for some odd reason…


#7

I once accidentally jackpocketted* an ATM. I asked for $20 and out came a $50. I thought, hang on that’s not right I must have pressed $50 by mistake. I’ll just check my balance to be sure. Nope only $20 gone. So naturally I withdrew $80, and again, and again. Then I told my wife. She went to the same ATM and did it a few times. Then all her work colleagues went down. Unfortunately it must have just been a wad of $50s mixed up with the $20s because about 4 people in it stopped working.

If only I’d had more than $270 in my account to begin with…


#8

I’m going to go with “There most certainly is. Somewhere in the world…”.

My guess is that as new hardware is rolled out, you’ll see it. Redbox, for instance, began rolling out Win7 Embedded Systems (Win7ES, or ‘WES’) in their kiosks, only in the last six months or so.


#9

Shockingly I’ve seen a Win 2000 crash on one of these out in the wild! From reading stuff in surrounding articles they imply that there are more up to date Windows ones, though they don’t specify. They imply that XP is a comparative rarity.

Which I kind of doubt to be honest.


#10

Yeah, I have a terminal Windows in public use, supposedly not bootable from insertable devices and danged if the thing isn’t always hacked out of terminal mode. It gets them nowhere at all, but it happens all the time.

I do think it’s interesting that the decline in skimming has been more than matched by the increase in jackpotting. It seems that end users are more reliable than service providers at protecting security.
Who’dathunk?


#11

It was an Atari Portfolio, a real handheld MS-DOS computer! I wanted one but couldn’t afford it at the time. A few years later in grad school I got a HP 200LX, a similar device. It was cute but not very practical even at the time.


#12

This topic was automatically closed after 5 days. New replies are no longer allowed.