Tag Archives: Automatic Teller Machines

Could we ask John Connor to bring his Atari and bypass this?

Automatic Teller Machines (ATM) are devices that provide the customers of a financial institution with the ability to perform financial transactions [1].  They are available everywhere and often use well known operating systems and off-the-shelf hardware. During last Christmas while on vacations and walking through the beautiful city of Lisbon I came across the ATM posted in the picture.Winnt-ATM

An ATM running Windows NT operating system! – By this time the ATMs should be running Windows XP embedded not to say Windows 7 embedded!

Without a doubt the most common ATM attacks involve using card skimmers. An excellent resource to read about card skimmers is the series that Brian Krebs putted together on “all about skimmers”. It’s definitely an opening eye and excellent to raise awareness. Other attacks techniques are card trapping, pin cracking, phishing and malicious software [2]. However when I saw this ATM I automatically remembered Barnaby Jack and his DefCon presentation Jackpotting Automated Teller Machines.  It’s like in Terminator 2, where John Connor uses its Atari to bypass security on an ATM with a ribbon cable connecting the parallel interface to a magnetic stripe card. Fiction apart these kinds of attacks are very real. For example, this one that was seen in Mexico or the Troj/Skimer-A with a in-depth analysis by XyliBox. Another interesting report is this one from Trustwave which shows  a piece of malware that targets ATMs with Windows XP operating system. Diebold ATM Security Communication and Support Center as good information about all kind of attacks like the one seen in Russia where an insider, would install the malicious code on several ATMs running Windows XP embedded. Then with a special activation card that would allowed complete control of the ATM.

Would you withdraw money from an ATM  running Windows NT?

[1-2] Mubarak Al-Mutairi; Lawan Mohammed ; IGI Global ; Cases on ICT Utilization, Practice and Solutions.