14 DAY TRIAL // A security researcher plans to demonstrate serious vulnerabilities in several ATM models at the upcoming Black Hat USA security conference. He promises a cash-dispensing trick more impressive than John Connor's in Terminator 2.
A lot of people were expecting Barnaby Jack's presentation on automated teller machine (ATM) vulnerabilities at last year's Black Hat. However, faced with pressure from the affected ATM manufacturer, the researcher's employer, Juniper Networks, banned him from going ahead with his talk.
Fortunately, Jack is back up on this year's Black Hat schedule, with an even more promising presentation about security problems affecting ATMs. He's also out of Juniper's reach, as he no longer works for the company. The researcher has since joined Dan Kaminsky at IOActive, where he now fills the Director of Security Research shoes.
“The upside to this is that there has been an additional year to research ATM attacks, and I'm armed with a whole new bag of tricks. […] Last year, there was one ATM; this year, I'm doubling down and bringing two new model ATMs from two major vendors,” Jack says. “I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I've got that kid beat,” he adds.
Jack plans to attack ATMs both locally and remotely, while targeting their underlying software in particular. In this respect, he will also demo an ATM rootkit that is able to function across several platforms.
However, as a respectable security researcher, he doesn't plan to leave ATM manufacturers with a huge target on their back after his talk. Instead, he promises to give them ideas of how they can fend off such attacks and implement better safeguards in their machines.
While the area of ATM vulnerabilities is pretty much uncharted, Barnaby Jack's rootkit is not the first malware to target such machines. Back in March 2009, Sophos analysts reported having discovered a trojan that was specifically designed to infect Diebold Agilis 91x ATMs. Three months later, researchers from Trustwave, discovered a similar threat of Eastern European origin.