Could we ask John Connor to bring his Atari and bypass this?

Automatic Teller Machines (ATM) are devices that provide the customers of a financial institution with the ability to perform financial transactions [1].  They are available everywhere and often use well known operating systems and off-the-shelf hardware. During last Christmas while on vacations and walking through the beautiful city of Lisbon I came across the ATM posted in the picture.Winnt-ATM

An ATM running Windows NT operating system! – By this time the ATMs should be running Windows XP embedded not to say Windows 7 embedded!

Without a doubt the most common ATM attacks involve using card skimmers. An excellent resource to read about card skimmers is the series that Brian Krebs putted together on “all about skimmers”. It’s definitely an opening eye and excellent to raise awareness. Other attacks techniques are card trapping, pin cracking, phishing and malicious software [2]. However when I saw this ATM I automatically remembered Barnaby Jack and his DefCon presentation Jackpotting Automated Teller Machines.  It’s like in Terminator 2, where John Connor uses its Atari to bypass security on an ATM with a ribbon cable connecting the parallel interface to a magnetic stripe card. Fiction apart these kinds of attacks are very real. For example, this one that was seen in Mexico or the Troj/Skimer-A with a in-depth analysis by XyliBox. Another interesting report is this one from Trustwave which shows  a piece of malware that targets ATMs with Windows XP operating system. Diebold ATM Security Communication and Support Center as good information about all kind of attacks like the one seen in Russia where an insider, would install the malicious code on several ATMs running Windows XP embedded. Then with a special activation card that would allowed complete control of the ATM.

Would you withdraw money from an ATM  running Windows NT?

[1-2] Mubarak Al-Mutairi; Lawan Mohammed ; IGI Global ; Cases on ICT Utilization, Practice and Solutions.

Advertisements
Tagged

3 thoughts on “Could we ask John Connor to bring his Atari and bypass this?

  1. Ash says:

    WOW !!!!! Although NT may end up being safer than XP these days as how many attack toolsets still incorporate NT in them. Security by Ignorance 😀

    Like

  2. Alexandre says:

    No. I’ll withdraw money from a Bitcoin ATM no matter what operate system it’s running trough! At that moment, even terminator 2, 3, 4 ….. no matter what, will don’t be able to bypass it. It’s gonna be the future raised in cryptography and i hope I’ll be alive to contemplate all that.

    Like

  3. Mosssssss…. não fazia ideia.
    Realmente como é possível com tanta “guita” que a banca ganha não ter investido ainda no melhoramento dos multi-bancos.
    Estranho não ocorrerem mais “problemas”!!!
    https://countuponsecurity.com/2014/01/24/could-we-ask-john-connor-to-bring-his-atari-and-bypass-this/#comment-form-load-service:Facebook

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

gb_master's /dev/null

... and I said, "Hello, Satan. I believe it's time to go."

Source Code Auditing, Reversing, Web Security

Finding Hidden codes in the software

BruteForce Lab

security, programming, devops, visualization, the cloud

Count Upon Security

Increase security awareness. Promote, reinforce and learn security skills.

Naked Security

Computer Security News, Advice and Research

Didier Stevens

(blog \'DidierStevens)

malwology

Adventures in double-clicking malware / by Anuj Soni

Rational Survivability

Hoff's Ramblings about Information Survivability, Information Centricity, Risk Management and Disruptive Innovation.

SANS Internet Storm Center, InfoCON: green

Increase security awareness. Promote, reinforce and learn security skills.

TaoSecurity

Increase security awareness. Promote, reinforce and learn security skills.

Schneier on Security

Increase security awareness. Promote, reinforce and learn security skills.

Technicalinfo.net Blog

Increase security awareness. Promote, reinforce and learn security skills.

Lenny Zeltser

Increase security awareness. Promote, reinforce and learn security skills.

Krebs on Security

In-depth security news and investigation

%d bloggers like this: