ATM HACK COULD LET CRIMINALS STEAL £38,000 IN 15 MINUTES, SAY RESEARCHERS
A vulnerability in ATMs could allow hackers to make the machines spit out thousands of pounds in just a few minutes. Speaking at the Black Hat conference in Las Vegas, experts from Rapid7 showed how criminals could make ATMs dispense money with just a few changes.
Using the technique, they said they could get up to $50,000 (£38,000) from an unattended machine in just 15 minutes, according to Computing. The security firm has shared the exact method with ATM manufacturers and banks, but did not fully disclose it publicly to avoid aiding would-be thieves.
At a basic level, the scam involves skimming a card with a modified point-of-sale system or ATM and stealing both its identifying data and the PIN entered by the victim. The data can be downloaded wirelessly from the skimming device using a smartphone.
Criminals can then make external changes to an ATM and recreate the stolen card, allowing them to use it to drain cash from the machine.
The scam involves a card-shaped device inserted into the machine that helps to set up the secure connection needed to make transactions.
The criminals are only able to withdraw cash for a limited time, but skimming multiple cards could allow them to steal large amounts of money from banks.
“With this paper and lecture, I hope to improve the overall knowledge of financial institutions and ATM manufacturers regarding the lengths that carders will go to in order to use stolen credit card data,” said Rapid7 senior security consultant Weston Hecker in his whitepaper.
“My goal is to encourage proper maintenance and communication with fraud backend systems, in order to reduce the negative impact of attacks against these systems.”
With the US slowly adopting chip and PIN technology, it is anticipated that such exploits could become more widely used as the base of potential victims grows.