Some Windows CE-based ATMs especially generous (and vulnerable to hackers)
Speaking at the Black Hat conference in Las Vegas, a fellow named Barnaby Jack (really!) used custom software to hack Windows CE-based ATMs on stage. After using an industry-standard key to gain entry to the machines (apparently many ATM owners are too lazy to install new locks), Jack was able to load a rootkit on the device using a USB thumb drive. From that point, it was just a matter of running another program that caused all the cash therein to shoot out in a comical manner. The machines used in the presentation were manufactured by Tranax and Triton, both of which have had a chance to send a security patch to customers prior to the demonstration. However, there are four different machines in common use that are still vulnerable. And no, he won't tell us which ones.

@bartnd Khav is right, the vault is a separate thing from where the PC is in most cases.
@Khav Iz in ur ATM takn ur monyz
This is the bank's money he is stealing and the bank insures their ATMs.
If that much hacking and fraud was going on then ATM bank insurers would have kicked Windows to the curb.
I have yet to see a USB port on an ATM and if operators don't securely lock access to the USB port I really don't see why this is a Windows fault.
People used to hack the old OS2 ATMs with their card on a cable.
@fourthletter
+1
ATMs are safe because they limit the input: the credit card, a touch interface, a keyboard and some other minor input.
Why don't they load ATMs with OS X?? Problem avoided
@rmbrown09
1. Osx is not an embedded os
2. Apple are jerks and don't allow it to be installed on third party hardware
@Gareth Calvert I agree with 2 at least.
@rmbrown09 haha, really? then they'll just as easily get through osx. the only reason there aren't just as many if not more known holes and vulnerabilities within osx is because of the large market share (especially in businesses and corporations) that windows and microsoft holds.
@rmbrown09 how can you not agree with a fact?
If you read the article it says that the compromise had NOTHING to do with CE, and everything to do with the custom apps written for the ATM....
I love Engadget, but -1 for the deceptive title...
If your ATM is that easily hacked.. You Blew It
@rmbrown09 Tell that to Citibank
http://farm5.static.flickr.com/4097/4793452640_04d22691cd_b.jpg
(Sorry for the fail picture, MBTA cop was giving me weird looks for taking a pic of the atm)
"It prints money."
Barnaby Jack: Coolest name in the universe.
It sounds like he used the bootloader to run his own OS and application. Bootloaders can scan for external media before loading the default OS. If this is the case, then it's the manufacturer's fault for not locking down the bootloader, it has nothing to do with Microsoft.
Surprise, another security vulnerability from black hat. Why don't they just tell us what doesn't have an easily exploitable flaw in its security. Seems like it would be easier.
@High I can give you that answer now: Nothing.
First mistake: believing that anything other than a non-configurable firmware based system is secure, especially Windows CE. The word "Windows" should have been a dead giveaway... lol
@DJ Tama ya, because you know, companies love investing money into custom made firmware when they can cut costs by 500% (estimating) buying a PC based configuration. Also, the hack requires physical interfacing with the computer...if you could physically interface with a firmware board, chances are you could hot-wire something and make it shoot out money anyway.
Learn to read, the hack had nothing to do with Windows, it was a bug in the companies' software.
Windows Cashback! Rewarding power user with moolah to use Windows.
LOL, nice.
Interesting... *proceeds to think about which ATMs are vulnerable*
haha any system can be hacked. It's like a house. You just need the right key....
That's pretty CS 101. If you gain physical access to a machine, you can compromise it. Anyone know how long you can mess with an ATM's door before the police are over you like white on rice? More after the break...