Barnaby Jack demonstrates “ATM jackpotting” exploits

After having demonstrated the successful hacking of two different ATMs at the Black Hat conference on Wednesday, computer security researcher Barnaby Jack on Saturday demonstrated his “ATM jackpotting” exploits to a capacity crowd of hackers at the DefCon gathering in Las Vegas.

To demonstrate his findings, Jack used two kinds of ATMs normally found in corner stores, bars or other “stand-alone” venues in the US. However, he revealed that the flaw he exploited in these machines probably also exists in the machines at banks.

Revealing that he had figured out a way to crack ATMs remotely using the Internet, Jack, a researcher from IOActive and a native of New Zealand, told AFP after his presentation at DefCon: “This is the first time anyone has taken the approach of trying to attack the underlying software. It is time to find software defenses rather than hardware defenses.”

Jack elaborated that banks essentially depend on “remote management” software to monitor and control their ATMs, and that he had used a flaw in that software to take control of machines via the Internet.

Jack added that the mechanism he had worked out bypassed the passwords and serial numbers normally required to access ATMs remotely, after which he could command the machines to spit out cash or transfer funds.

Jack further revealed that the mechanism also let him capture account data from the magnetic stripes on credit or bank cards, as well as passwords punched in by ATM users.