Drill a single hole in an ATM and you can comprehensively pwn it


#1

Originally published at: http://boingboing.net/2017/04/05/jackpot-holes.html


#2

$15 board, eh? Any idea what kind of components there were on it? For… no reason…


#3
a breadboard, an Atmega microcontroller of the kind commonly found in Arduino microcomputers, some capacitors, an adapter, and a 9 volt battery
(Wired)

I guess the mentioned “serial port” is a bog-standard one like RS-232 or similar - the interface is easy, the “only” problem to solve is the reverse engineering of the used instruction set.


#4

What’s got me confused it the ATMega. If it was just an RS-232 you could just plug a serial to USB adaptor into the port and use a laptop directly, unless they need to send weird timing to get whatever controls the cash dispenser to spit everything out.


#5

because it’s a fun exercise? it’s even mentioned in the Wired article “[Kaspersky’s] compact gadget, far smaller than even the arrested suspect’s laptop”


#6

I think I’ve got the wrong end of a stick - I thought that they were connecting a laptop to a custom-board and using that to jackpot it, not that that the board was a standalone device.


#7

Drill a single hole in an ATM and you can comprehensively pwn it

Well sure.


#8

I’m vaguely startled nobody’s yet posted a relevant gif of Edward Furlong from T2… seems exactly what happened. :slight_smile:


#9

Wow, the one time proprietary connectors would actually make sense.

4cm isn’t very subtle though, is it?


#10

Is it bad that I immediately thought “A raspberry pi with a touch screen would be a perfect replacement to the laptop”.


#11

Well at least this method involves stealing money directly from the bank’s ATM instead of victimizing account holders who are unfortunate enough to use a pwned ATM. Note to criminals: nobody other than the bank and the cops care if you steal from a bank. If you steal from the bank’s customers, though, everyone will care.


#12

Around here they take that a bit literally.


#13

if I remember the story correctly they were not able to open the safe in time.


#14

C’mon, I think we all know who’s behind this “rash of mysterious ATM heists”:


#15

So that’s how the rebellion can afford to buy all those X-wings.


#16

Round here they spray gas into the machine, then ignite it to blow the doors open, seems to work well, until they get caught.


#17

I guess the hardware workaround is to remove it otherwise dismantle that header. Oftentimes these sorts of headers are only needed for initial programming so they could be vestigial in the field.


#18

Or just a bit of epoxy over the pins. That makes it a heck of a lot less convenient.


#19

Even better, he used an Atari Portfolio to hack directly through the magnetic stripe reader!


#20

No, he’s using a personal digital assistant (remember those?) connected to a magic card that goes into the normal bank card slot and somehow allows him to hack the ATM. (Remember this was over twenty years before chip and PIN came to the USA, so the card only has a magnetic stripe.)