Communications of the ACM

Home/News/Hackers Say 'Jackpotting' Flaws Tricked Popular ATMs.../Full Text

ACM TechNews

Hackers Say 'Jackpotting' Flaws Tricked Popular ATMs Into Spitting Out Cash

By TechCrunch
August 14, 2020
Comments

View as: Print Mobile App Share:

An ATM spewing cash. — Security researchers found two "jackpotting" flaws that force Nautilus ATMs to dispense cash on command.

Credit: Broadcom

Security researchers Brenda So and Trey Keown of the Red Balloon security firm unveiled two new "jackpotting" flaws that force Nautilus ATMs to dispense cash on command.

The bugs have lain dormant within the ATMs' underlying software—a 10-year-old version of Windows no longer supported by Microsoft—which the researchers reverse-engineered.

The Extensions for Financial Services software layer contained the first vulnerability, based on its implementation by the manufacturer; Keown said transmitting a malicious request over the network could trigger the cash dispenser and dump the cash inside.

The second flaw resided in the ATM's remote management software, and So said switching its payment processor with a hacker-controlled server to extract data like credit card numbers was possible.

The researchers privately disclosed their findings to Nautilus last year, and Bloomberg reported roughly 80,000 Nautilus ATMs in the U.S. were vulnerable at the time.

From TechCrunch
View Full Article

No entries found

Hackers Say 'Jackpotting' Flaws Tricked Popular ATMs Into Spitting Out Cash

AI Is Decoding the Animal Kingdom

Disinformation 2.0 in the Age of AI: A Cybersecurity Perspective

The Role of Autonomous Machine Computing in Shaping the Autonomy Economy