The recent ATM jackpotting attacks in Europe and Asia beg the question: ( Barnaby Jack – Jackpotting Automated Teller Machines Redux.

Author: Yoramar Faekazahn
Country: French Guiana
Language: English (Spanish)
Genre: Art
Published (Last): 22 September 2008
ISBN: 676-3-45024-926-9


Due to circumstances beyond my control, the talk was pulled at the last minute. Of course, this information could be sold on the black market. The upside to this is that there has been an additional year to research ATM attacks, and I’m armed with a whole new bag of tricks.

This is so not the case.

Jack selected one of the containers, and out came the money. I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves.

Wednesday July 28, 1: But, Jack was about to show the audience something rare.


With all of the cash extracted, one might think that remote control over the ATM is no longer valuable. Of course, as the method describes, this requires physical access to the machine that could easily lead to the thief being caught and exposed as one of those dumb criminals seen on TV.


After an ATM reboot, and with the rootkit installed, Jack can now query the machine for its network settings and its physical location.

Remote ATM Vulnerability – JACKPOT! — imsmartin

I’ve always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine.

From this menu, Jack is able to select any of the menu options available to him, four of which allow him to empty each of the four cash containers.

Jack demonstrated how his customized ATM control software could trace each and every ATM card that is inserted into the ATM, remotely downloading the log file that contained this recorded information, saving it to his laptop.


Black Hat USA 2010: Jackpotting Automated Teller Machines Redux 4/5

Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks. In this case, the jackpot included IOActive cash, granting the bearer access to an IOActive event to be held later during the conference. There are basically two ways to conduct the attack, either through physical or remote means.


Jack noted that it is rare to see any targeted attacks on the underlying software.

Rarely do we see any targeted attacks on the underlying software. I think I’ve got that kid beat.

The alternative, a remote attack, gives the attacker complete control of the ATM from a remote location. The most prevalent attacks on ATMs, however, typically involve the use of card skimmers, or the physical theft of the machines themselves, as these are both physically and technically less challenging. Walking over to the compromised machine, and by inserting a custom credit card or by entering a special key sequence, Jack is granted access to the custom menu he built.

But in this case, Jack emptied one of the containers remotely — giving the unsuspecting passersby a Jackpot of their own.