Barnaby Jack of IOActive demonstrated attacks that would allow a criminal to compromise ATMs.
A security researcher today gave notice to companies that make the world's automated teller machines.
On Wednesday at the Black Hat conference, Barnaby Jack of IOActive demonstrated attacks that would allow a criminal to compromise ATMs, allowing hypothetical thieves to steal cash, copy customers' ATM card data, or learn the master passwords of the machines. While one of the attacks required a few seconds to open the ATM and insert a USB drive with code to overwrite the system, the other attack used a remote management feature commonly found on standalone ATMs.
Jack's presentation targeted machines made by Tranax and Triton, but other ATMs likely have similar security issues, he said.
"I found specific vulnerabilities in the ATM machines," Jack said during a press conference following the presentation. "But the attack surface is [similar] across the ATM industry as a whole ... In every ATM system I've looked at, I've been able to find flaws."