Antiquated ATMs are easy pickings for "jackpotting" by fraudsters

It reminds me of that scene in Terminator 2 where the young John Connor steals cash from an ATM with a portable computer. I was so impressed! A portable computer!

6 Likes

Uh, it’s possible that the WinXP machines ARE being updated. Microsoft is providing updates for those customers who have paid $$$$.

It is indeed, and if you read the original on Brian Krebs’s website this point is made. However the problem is that they are relying on “the customer” to pay for security in the first place. There is no concept that these items need to ship safe and need to be usable safely.

In this particular case OS insecurity is not the primary culprit but physical insecurity of the ATM machines, which allow access to USB and CD-ROM. That a kiosk device of any sort, let alone one capable of being jackpotted, ships with a BIOS capable of booting from USB or CD is shocking.

2 Likes

Dang, that was the point I wanted to add: these weren’t “lack of updates” security breaches, they were “the reason this computer is pwned is because the bad guys have physical access to the box” breaches.

Even a fully patched Win8 or MacOS machine would be vulnerable. I’d say, even a boot-protected machine. There’s almost always a way.

Just out of curiosity, are there any Win8 or OSX based ATMs? I’ve run across a TON of WinXP based ones, but never another stock OS other than an odd handful of Linux ones, at least as far as I was aware of. I’m always fascinated with this sort of thing for some odd reason…

I once accidentally jackpocketted* an ATM. I asked for $20 and out came a $50. I thought, hang on that’s not right I must have pressed $50 by mistake. I’ll just check my balance to be sure. Nope only $20 gone. So naturally I withdrew $80, and again, and again. Then I told my wife. She went to the same ATM and did it a few times. Then all her work colleagues went down. Unfortunately it must have just been a wad of $50s mixed up with the $20s because about 4 people in it stopped working.

If only I’d had more than $270 in my account to begin with…

1 Like

I’m going to go with “There most certainly is. Somewhere in the world…”.

My guess is that as new hardware is rolled out, you’ll see it. Redbox, for instance, began rolling out Win7 Embedded Systems (Win7ES, or ‘WES’) in their kiosks, only in the last six months or so.

Shockingly I’ve seen a Win 2000 crash on one of these out in the wild! From reading stuff in surrounding articles they imply that there are more up to date Windows ones, though they don’t specify. They imply that XP is a comparative rarity.

Which I kind of doubt to be honest.

1 Like

Yeah, I have a terminal Windows in public use, supposedly not bootable from insertable devices and danged if the thing isn’t always hacked out of terminal mode. It gets them nowhere at all, but it happens all the time.

I do think it’s interesting that the decline in skimming has been more than matched by the increase in jackpotting. It seems that end users are more reliable than service providers at protecting security.
Who’dathunk?

It was an Atari Portfolio, a real handheld MS-DOS computer! I wanted one but couldn’t afford it at the time. A few years later in grad school I got an HP 200LX, a similar device. It was cute but not very practical even at the time.

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.