Engadget

Criminals constructing ATM skimmers from DAPs

Joseph L. Flatley — Wed, 24 Nov 2010 07:48:00 EST

A recent article from Brian Krebs highlights a new trend in ATM skimmers: by using parts from cut-rate audio players and spy cams, criminals are able to construct something called an audio skimmer that records the data from the magnetic strip for later playback. Also included in the device is a miniature spy cam, which captures the user's PIN. The basic methodology behind the device is nothing new (for instance, it could be found in an issue of Phrack dating back to 1992) although the use of DAPs means that the whole thing is a lot more elegant than it was in the days of the portable cassette recorder. According to a recent report by the European ATM Security Team (EAST), devices of this type have been found in five countries, two of them "major ATM deployers" (with 40,000 active ATMs or more). Please guys, don't get any ideas. PR from EAST after the break.

Continue reading Criminals constructing ATM skimmers from DAPs

Criminals constructing ATM skimmers from DAPs originally appeared on Engadget on Wed, 24 Nov 2010 07:48:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Some Windows CE-based ATMs especially generous (and vulnerable to hackers)

Joseph L. Flatley — Thu, 29 Jul 2010 12:02:00 EST

Speaking at the Black Hat conference in Las Vegas, a fellow named Barnaby Jack (really!) used custom software to hack Windows CE-based ATMs on stage. After using an industry standard key to gain entry to the machines (apparently many ATM owners are too lazy to install new locks) Jack was able to load a rootkit on the device using a USB thumb drive. From that point, it was just a matter of running another program that caused all the cash therein to shoot out in a comical manner. The machines used in the presentation were manufactured by Trannax and Triton, both of which have have had a chance to send a security patch to customers prior to the demonstration. However, there are four different machines in common use that are still vulnerable. And no, he won't tell us which ones.

Some Windows CE-based ATMs especially generous (and vulnerable to hackers) originally appeared on Engadget on Thu, 29 Jul 2010 12:02:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

ATM scam at DEFCON clearly the work of ironic criminals

Joseph L. Flatley — Mon, 03 Aug 2009 10:43:00 EST

The hooligans in this case have a dry sense of humor or are extremely unlucky: Either way, we can't help but get a chuckle out of the fact that someone placed their smart card skimmin' faux ATM at the Riviera Hotel Casino in Las Vegas -- during DEFCON, the world's largest hacker convention. No one can say exactly how long the kiosk was there -- at least the kids were smart enough to place it right outside the security office, one of the few places in the conference center not under surveillance. It was picking up on this last fact that aroused the suspicion of Brian Markus, CEO of Aries Security. When shining a light through the glass panel that should house a camera, he instead found the PC that was set up to skim people's data. He then notified security, who removed the device and once again made the world safe for hackers and their bank accounts.

ATM scam at DEFCON clearly the work of ironic criminals originally appeared on Engadget on Mon, 03 Aug 2009 10:43:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

ATM skimmers: now with SMS notification built right in

Darren Murph — Fri, 10 Oct 2008 03:35:00 EST

Aw, how convenient! Now, when you purchase your next ATM skimmer, you don't even have to risk being arrested when you wander out to retrieve it. For those outside of the know, an ATM skimmer sits on credit / debit card machines and swipes information as unsuspecting civilians pass their cards through. In the days of old, scammers would have to physically retrieve the skimmer in order to acquire all that precious information; now, models with built-in SMS notification are becoming available, meaning that numbers, expiration dates and that easy-to-forget three digit code on the back can be shot out instantly after the data is snatched. Word on the street has these devices going for $8,500 a pop, and they can dish out around 2,000 texts. Just another zany hack to be aware of in the wide world of ATM shenanigans.

[Via Hack-A-Day]

Filed under: Misc. Gadgets

ATM skimmers: now with SMS notification built right in originally appeared on Engadget on Fri, 10 Oct 2008 03:35:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

London hit by malware-infected USB ruse

Darren Murph — Thu, 26 Apr 2007 10:15:00 EST

Joining the infamous Chip & PIN terminal hacks as yet another way to siphon banking details from unlucky Londoners, a group of "malware purveyors" reportedly dropped off tempting Trojan-infused USB drives in a UK parking lot in hopes that unsuspecting individuals would take the bait and subsequently hand over their banking credentials. Supposedly, Check Point regional director Nick Lowe mentioned the wile at the Infosec trade show, but couldn't elaborate due to the ongoing investigation. Another insight suggested that such chicanery was becoming "the new phishing email," but hey, where's the love for those oh-so-vulnerable ATMs? Take note, dear Brits, that the free storage you're eying on the park bench could end up costing you quite a bit in the long run.

Filed under: Misc. Gadgets

London hit by malware-infected USB ruse originally appeared on Engadget on Thu, 26 Apr 2007 10:15:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Windows-based ATM machine hacked, gets Painted

Darren Murph — Sun, 25 Feb 2007 21:05:00 EST

Although we wouldn't expect to find the latest release of Photoshop on your neighborhood ATM, it's not so far fetched to think that Paint would be left on a Windows-based ATM. We've seen a recent boost in cash machine hacking of late, and while this latest attempt doesn't siphon illegal coinage out of the slot, it does make for quite a laugh. Joining the pitiful array of other Windows-powered mishaps, a sharp cameraphone-toting individual spotted a local ATM that had a beautifully hand-crafted Paint message on the front screen in place of the typical "Insert your card to begin transaction," and while we've already said too much about a picture that speaks a million words, be sure to click on through to see how accessing an ATM's start menu can lead to all sorts of mischievous mayhem.

[Via Digg]

Continue reading Windows-based ATM machine hacked, gets Painted

Filed under: Misc. Gadgets

Windows-based ATM machine hacked, gets Painted originally appeared on Engadget on Sun, 25 Feb 2007 21:05:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Chip & PIN Tetris hackers can steal credit card info, too

Darren Murph — Wed, 07 Feb 2007 16:32:00 EST

Hacking into sensitive machines and playing brain games on them certainly isn't new -- and a pair of researchers at Cambridge have already done just that on a "tamper-proof chip-and-PIN payment terminal," -- but in a recent (and more serious) development, they've extended the exploit to demonstrate how they can "compromise the system by relaying information between a genuine card and a fake one." Saar Drimer and Steven Murdoch, members of the Cambridge University Computer Laboratory, have not only played Tetris on a banking machine, but have devised a scenario where a terminal is actually connected to a thief's laptop (instead of a bank, for instance), thus passing through crucial information without throwing a red flag to the now-screwed customer. Through a series of RFID, WiFi, and SMS connections, the duo even explains how something so simple could be used to steal thousands of dollars in diamonds and jewelry if working with a trained crew. Still, it's noted that this kind of stunt would be "difficult to execute in practice," and of course, whoever tries it runs the risk of being imprisoned for quite some time, but if you're interested in an eerily detailed description of just how beautiful you life can become if you actually pull this off, the read link demands your attention.

Filed under: Misc. Gadgets

Chip & PIN Tetris hackers can steal credit card info, too originally appeared on Engadget on Wed, 07 Feb 2007 16:32:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

ATM hack uncovered, financial freedom abounds?

Darren Murph — Thu, 21 Sep 2006 17:50:00 EST

You're probably familiar with the Virginia Beach trickster who reprogrammed an ATM to shoot out 300% more money than was debited from his account, but now it seems his "discovery" might have been widely available all along. Dave Goldsmith, a computer security researcher at Matasano Security, began to dig a little deeper once the news broke, and thanks to the oh-so-disclosing CNN video, secured the machine's model and maker: a Tranax Mini Bank 1500 series. Reportedly, he then acquired a (legal) copy of the ATM's user's manual, which conveniently spelled out "how to enter the diagnostic mode, default passwords, and default combinations for the safe." Once the cash-spewing gizmo is in "Operator" mode, the only thing standing between you and illegitimate funding (aside from your conscience) is a password, and since default passwords are plainly listed in the manual, it's up to the installation crew to actually insert a more secretive alternative. While we assume Tranax has been hastily sending memos to stores who (currently, at least) use its machines, you'll probably notice the unmodified machines by the insanely long lines preceding them (or a mysterious lack of cash available to disperse).

Update: It looks like Tranax Technologies is stepping to the plate and planning a "software update" that forces installers to change the default password before it goes into service. The company has stated that the patch should be ready "in a matter of weeks," but it can't "force operators of currently installed ATMs to install it".

[Via Wired Blogs]

Filed under: Misc. Gadgets

ATM hack uncovered, financial freedom abounds? originally appeared on Engadget on Thu, 21 Sep 2006 17:50:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments