Is anyone surprised.
These boxes have a very long life.
That said tracking who accesses them should be easy as the list should be quite short.
But probably is not as short as people think, or as well maintained as they expect.
Weighing in at 800kg secondhand, freestanding ATMs - a “safe with a computer on top” - are a logistical nightmare to own and research, security boffin Leigh-Anne Galloway warned delegates at the BSides Manchester infosec conference yesterday. b sides manchester talk on ATM. scrren grab from video Security boffin Leigh-Anne …
Any device that can be access without 2FA should have its insurance cover revoked.
Of course, as modern devices have got more secure the crooks have gone low tech and now just blow them open. Hence, the banks none too subtle attempts to put people off cash. Because contactless payment systems can't be hacked…
The cat is the sidekick, secretly reprogramming the ATM by night when nobody is watching in order to ensure the Rise of the Feline Race.
Feh. Cat are too lazy to write code.
All bow before IronClaw the 1st !
Cats already expect this. They were, are, and will continue to be, severely dissapointed.
I saw some program a while back that did exactly that. They set up a fake ATM in the middle of the high street, with someone just sat inside it. People went up to it, they "cloned" the card and then spat the card out with an error on the screen.
People were then shown how it was done.
The idea was to not trust any old ATM
I remember an episode the 'The Real Hustle" from a few years ago where they set up a fake ATM consisting of a laptop connected to a card reader and keypad housed inside a large box on a busy street and the amount of people who would just come along and put in their card and pin and when it threw up an error just walk away and go to use another.
There are even companies that turn up to festivals and other pop up events with trucks with a load of ATMs in the back, I whenever possible just use the ATM at the banks and no these little ones in shops, especially as they usually charge to use.
There was a warehouse in a large town to the northwest of London where ATMs of all make, size and model were simply dumped outside at the back. I used to walk past it on the way to the train station every day and every night. No security to speak of, just a sensor light.
I wrote to the company pointing out how easy it would be to obtain a genuine machine front for doctoring for nefarious purposes and asked if they felt any responsibility for the wave of ATM crime at the time. No response.
So I wrote to the council. No response.
So I wrote to the police and enclosed a photograph of the area, of the whole in the chainlink fence made with bolt croppers by the look of the cut ends and of a broken machine front where someone had unsuccessfully tried to remove one. Within a month the yard was cleared of all but the skips full of scrap metal and the whole site had CCTV, IR alarms and a dog patrol.
I just get some cash when I buy groceries. I never use an ATM. Why should I? I always carry enough cash in my pocket to buy what I will most likely need the next week or so. When the lights go out I can still buy essentials. Local or even grid failures have happened before and will happen again.
I do not carry a wallet either. I carry an antimagnetic credit card holder with only the absolutely necessary ID and one credit/debit card, plus some tightly folded $100 bills. That in is a front pocket where it is far more difficult for a pickpocketer to pick my pocket.
I am trying to imagine a picture of a pocket with a picture of a pickpocketer taking a picture of a pickpocketer pickpocketing the pocket of a pickpocketer taking a picture of a picture of a pickpocketer picpocketing my pocket. Now, in the other pocket....
Next time you buy groceries, take a look at the cash register. Over here, there is a box with a card reader and a numeric key pad. The box connects to the cash register through a wire. The wire goes behind the register - presumably through a hidden key logger - before connecting to register somewhere dark and hard to examine.
The only way to be sure is a specialised payment device (not a phone / camera / music / video / torch / game / thermometer / web browser / Geiger counter / cat toy / address book / diary / taxi finder). The specialised device needs a display to show who is getting paid, how much (and if possible, what for) and a key pad (not a severed finger or eyeball scanner - even if almost every thief knows that a live finger is required.) The device needs a network connection, but minimal storage so there is no excuse for the TLAs to demand your pin.
Way, way, back I worked for a Canadian company who manufactured ATM sub-assemblies and accessories.
As the production supervisor I had a Master Key that would unlock all manner of these ATMs. In fact I ended up with several Master Keys (as they were emphasised in paperwork). I found a bunch of them a while back, when I was unpacking my imported personal goods.
When I returned to Canada for a brief visit, I took these Master Keys with me. Believe it or not, decades after they were first installed THEY STILL WORKED! (Opening the locked panel door is a No-No as there is an alarm microswitch attached to detect door opening.)
So not only is the software ancient, so is the hardware!
Biting the hand that feeds IT © 1998–2019