ATM hack uncovered, financial freedom abounds?
You're probably familiar with the Virginia Beach trickster who reprogrammed an ATM to shoot out 300% more money than was debited from his account, but now it seems his "discovery" might have been widely available all along. Dave Goldsmith, a computer security researcher at Matasano Security, began to dig a little deeper once the news broke, and thanks to the oh-so-disclosing CNN video, secured the machine's model and maker: a Tranax Mini Bank 1500 series. Reportedly, he then acquired a (legal) copy of the ATM's user's manual, which conveniently spelled out "how to enter the diagnostic mode, default passwords, and default combinations for the safe." Once the cash-spewing gizmo is in "Operator" mode, the only thing standing between you and illegitimate funding (aside from your conscience) is a password, and since default passwords are plainly listed in the manual, it's up to the installation crew to actually insert a more secretive alternative. While we assume Tranax has been hastily sending memos to stores who (currently, at least) use its machines, you'll probably notice the unmodified machines by the insanely long lines preceding them (or a mysterious lack of cash available to disperse).
Update: It looks like Tranax Technologies is stepping to the plate and planning a "software update" that forces installers to change the default password before it goes into service. The company has stated that the patch should be ready "in a matter of weeks," but it can't "force operators of currently installed ATMs to install it".
[Via Wired Blogs]

Reader Comments (Page 1 of 1)
shirizaki @ Sep 21st 2006 6:00PM
Someone found an infinite money cheat code for Real Life.
FINALLY!
I might go for a night visit to a machine now.
mo @ Apr 27th 2007 1:19PM
yo shirizaki!!! u got da password???? im in london yeah so try n hook it up 4 me im sure we can do something together email me i_coch@hotmail.co.uk get back to me asap yeah? safe take care
Paul @ Sep 21st 2006 6:08PM
Wouldn't it be fairly easy for the banks to see who has been receiving the "bonus" money? Or at least to see who was the first person to receive said bonus cash...
I think the legal ramifications of performing this hack outweigh any short term benefits, à la more spending money.
W00ter @ Sep 21st 2006 6:24PM
"Paul @ Sep 21st 2006 6:08PM
Wouldn't it be fairly easy for the banks to see who has been receiving the "bonus" money? Or at least to see who was the first person to receive said bonus cash...
I think the legal ramifications of performing this hack outweigh any short term benefits, à la more spending money."
Nope - you could get one of those prepaid ATM cards and do this. You just have to worry about security cameras in the location.
ralphg @ Sep 21st 2006 6:17PM
There is a similar trick to getting into hotel room safes. I once checked into a room where the previous occupant had left the safe locked.
When the maintenance man arrived, he plugged a PocketPC into a socket under the safe's handle. I am guessing it reported the safe's user-set combination, which he then overrode.
obstreperous @ Sep 21st 2006 6:17PM
Is your conscience conscious or unconscious?
chaosrain @ Sep 21st 2006 6:43PM
Actually, a pre-paid ATM card is not the solution as pre-paid ATM accounts require that the information submitted match that of a TransUnion search. Now, if you wanted to spend a bunch of time creating a pseudo TransUnion account (which some folks will explain to you how to do), then leverage that account to generate a pre-paid ATM card (which you would have to load with some money), you'd be in business.
Matt @ Sep 21st 2006 6:46PM
Actually, most of these machines are not owned by banks, but are the mini ATMs you see in convenience stores, fast food chains, casinos, hotels and night clubs. Most are managed by small companies who are simply making money through the fees they charge. Some are owned by the stores they are in. In other words, you aren't cheating your bank when you do this, but rather most likely a storekeeper. It is a crime either way, so even if there are no cameras around, it's a wise idea not to do it.
slojohn @ Sep 21st 2006 7:10PM
Now would be the time to devise your own money gathering scheme rather than worry about this guy's hack
DudeinAmerica @ Sep 21st 2006 7:36PM
If he was smart, he would have reset the machine back to 'normal'
Chris McDowell @ Sep 21st 2006 7:58PM
Funny
evo @ Sep 21st 2006 9:05PM
Dude, it's "disburse", not "disperse".
jason @ Sep 21st 2006 10:22PM
so i read the manual today and the news story is incorrect, you can actually cap it out at 1600 using more menu options, i have a friend that owns a bar, i went in with a 85.00 pre paid atm card, that i purchased at a check cashing place with no id and paid cash for. and here's what i did. i wish i had a camera to capture the look on his face when i went thru this.
step 1, find tranax 1500 manual and read up on changing denom's and COUPON codes.
step 2 get gift card
step 3 find a tranax with default pw and dual cassettes
step 4 logon to master menu, change denom to 1.00 from the normal 20.00
step 5 if machine has 2ndary cassette change that to a coupon cassette instead of a cash cassette.
step 6 tell it to give 40 coupons for each transaction
save changes
insert prepaid card withdraw 40.00, you will get FORTY 20.00 bills and FORTY "coupons" which are actually 20.00 bills. for a total of 1600
step 7 insert card again, get another 1600
jason @ Sep 21st 2006 10:28PM
p.s.s, most little restaurants and strip bars own their own atm's and don't have cameras on them. strip bars would be perfect for this.
jason @ Sep 21st 2006 10:27PM
p.s.
change it back to the original defaults, and i figure it would take them 4 to 6 weeks to figure out and audit where the missing money went and how many of these little stores keep 6 weeks of surveillance tapes?
Julian Weisser @ Sep 22nd 2006 10:19AM
THIS is sketchy...
Man I can't wait to see how many people take advantage of this and get busted.
killah @ Jan 14th 2007 3:49AM
wat is ti
Jason @ Sep 22nd 2006 11:30AM
First of all, you should never be able to enter an ATM's service menu without using a physical key to open up the box and press a physical switch. The box design is flawed, not just the software.
kwok @ Aug 23rd 2007 1:32PM
Hi, i need Wincor Nixdorf manual for model 2050xe is in the world wide in every country! if you can help me reply this comment!
ricky @ Oct 5th 2008 3:13AM
hello i have manuals and software for wincor and diebold contact me sanciti@ymail.com
i have the perfect key for diebold and wincor .......................
Rahat @ Feb 29th 2008 1:07PM
gh
ricky @ Oct 5th 2008 3:14AM
i need tech of wincor or diebold .............the rest is my job
sancit@ymail.com
ricky @ Oct 5th 2008 3:14AM
i need tech of wincor or diebold .............the rest is my job
sanciti@ymail.com