A security expert has highighted security vulnerabilities in ATM cash machine at the Black Hat Security Conference in Las Vegas.
Security expert at IOActive Barnaby Jack revealed that he had discovered security flaws that had made the majority of the world's ATM machines vulnerable to physical and remote attacks.
Jack said that he had bought two ATM machines, manufactured by Triton and Tranax Technologies, over the internet and had studied their code for years to create some ATM cracking software based on the vulnerabilities he discovered.
He reassured delegates that, after they had been informed, both Triton and Tranax had issued patches to fix the vulnerabilities a year ago.
The security researcher said: “I hope to change the way people look at devices that from the outside are seemingly impenetrable. Every ATM I've looked at, I've found a game-over vulnerability that allows an attacker to get cash from the machine.”
He explained that the Tranax ATM machine suffered from a remote access vulnerability while the Triton machines had a vulnerable motherboard that could be tricked into accepting backdoor software as a legitimate update.