• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

SwaCash | Internet Marketing News

Latest Updates on Tech, Internet & Digital World

  • Home
  • Digital Marketing
  • Social Media
  • Technology
  • About
  • Contact Us
You are here: Home / News / Hacker claims he can hack ATMs with his smartphone

Hacker claims he can hack ATMs with his smartphone

June 26, 2021 by Amer Bekic

A “white hat” hacker from the firm IOActive tells how he discovered a gaping security flaw in cash machines equipped with an NFC reader. According to him, the vendor manufacturers have neglected the security of this component to where it is possible to conduct buffer overflow attacks. 

Credit: Unsplash

ATM security captivates the imagination in more ways than one. We have here unique, secure equipment since they must be able to provide both physical protection of currencies and protection against computer attacks while being installed in public places .

In recent years, various researchers have shown that the security of these distributors is far from infallible . However, until now, the attacks have relied on access to a USB port hidden under the casing, or even to internal components. So I can’t imagine a malicious person carrying out such attacks in nature in the middle of the day.

Researchers Finds Disturbing Way To Attack ATMs

Especially when you consider these devices are under video surveillance. Other attacks, including network attacks, are possible. But they require precise knowledge of the characteristics of the target distributor, while exposing the perpetrator of the attack to being detected, given the security devices installed by the banks.

Josep Rodriguez a consultant for the security firm IOActive is called a “white hat” or ethical hacker. He has long been interested in the security of these distributors, but also in NFC technology. However, you have undoubtedly noticed it: some distributors now ship an NFC reader.

All banks did not n’t use this one, but as Josep Rodriguez explains, it’s a gaping front door into the machine because of a security flaw known for years. He explains in fact having succeeded, via a simple smartphone, in triggering a so-called “buffer memory overrun” attack via the NFC reader of a distributor .

This type of attack works because the distributor’s operating system does not limit the amount of data that can enter through NFC. When the amount of data exceeds the allocated space in RAM, data continues to be written to adjacent memory addresses for use by other parts of the system. With a little reverse engineering, it can then do just about anything it wants on the target machine .

Fixing The NFC Security Flaw On All ATMs In Circulation Will Take Time

For example, he was able to tell the machine to write all the bank card numbers that pass through his reader, change the amount of transactions on the fly, and even in at least one case force the distributor to distribute all of its content (also attack known as “Jackpotting”). Wired explains:

“Rodriguez has built an Android application that allows his smartphone to mimic radio communications from bank cards and exploit loopholes in the system’s NFC firmware. By waving his smartphone, he can exploit a variety of bugs to crash ATMs, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock down devices while displaying a ransomware message”.

The security researcher warned manufacturers of the issue between 7 months and a year ago, including ID Tech, Ingenico, Verifone, Crane Payment Innovations, BBPOS, Nexgo, and an unidentified vendor because of a security breach. Even more serious. To force them to act quickly he has already announced that he will release technical details in the coming weeks.

It remains to be seen whether it is technically possible for the manufacturers concerned to really close the security breach on all devices in circulation. Josep Rodriguez himself admits it: “patching several hundred thousand ATMs physically is something that will take a lot of time”.

The demonstration of the attack did not take place in the United States, where the security of banking systems can sometimes be weaker, but in Madrid, in Europe. The researcher concludes: “These vulnerabilities have been present in firmware for years, and we have used these devices daily to manage our credit cards, our money. It has to be more secure”. 

Filed Under: News

Primary Sidebar

E-mail Newsletter

More Articles

Three Tweets related to EtherRock sales

Not one not two, Three digital pet rock cliparts sell for $600K each

August 22, 2021 By Amer Bekic

PolyNetwork Hacking Incedence

Hacker who stole $800 Million, now offered a white hat job by its victim firm

August 20, 2021 By Amer Bekic

credit card back panel containing the magnetic stripe

MasterCard announces future without magnetic stripe on the back.

August 17, 2021 By Amer Bekic

Fortune magazine sells its cover art as NFT. Raises 1.3 Million dollars

August 14, 2021 By Amer Bekic

Bored Ape Yacht Club Token 3749

This bored ape pic just sold for 1.29 Million dollars!

August 14, 2021 By Amer Bekic

Footer

Search this site

Recent Articles

  • Not one not two, Three digital pet rock cliparts sell for $600K each
  • Hacker who stole $800 Million, now offered a white hat job by its victim firm
  • MasterCard announces future without magnetic stripe on the back.
  • Fortune magazine sells its cover art as NFT. Raises 1.3 Million dollars
  • This bored ape pic just sold for 1.29 Million dollars!

Browse Topics

  • Blogging (164)
  • Content Marketing (7)
  • Cryptocurrency (5)
  • Digital Marketin (4)
  • Digital Marketing (333)
  • E-commerce (122)
  • Google (195)
  • Google Ads (24)
  • Marketing (166)
  • News (344)
  • Seo (74)
  • Social Media (43)
  • Technology (27)
  • Uncategorized (82)
  • WordPress (22)

Tags

Amazon Android Apple Apple Watch Artificial Intelligence B2B Bitcoin Blogging China Content Content Marketing Coronavirus Cryptocurrency Cybercriminals cybersecurity Digital Digital Marketing Facebook Gaming Google Increase Sales Instagram Intel internet strategy iOS 15 iPhone iPhone 12 IPhone 13 Make Money Marketing Microsoft Nvidia Online Marketing Samsung Science Search engine optimization Seo SEO optimization by content Social Media Social networks Technology TikTok Twitter Windows 11 YouTube

© 2019–2025 · SwaCash.com