Communications of the ACM
NFC Flaws Let Researchers Hack ATMs by Waving a Phone
Josep Rodriguez, a researcher and consultant at security firm IOActive, has built an Android app that allows his smartphone to mimic credit card radio communications and exploit flaws in ATMs' system firmware.
Credit: Dennis Wong/Creative Commons
An Android app developed by IOActive's Josep Rodriguez exploits flaws in near-field communication (NFC) systems, enabling ATMs and a variety of point-of-sale terminals to be hacked by waving a smartphone over a contactless credit card reader.
Rodriguez said his app was able to force at least one ATM brand to dispense cash, but only in combination with other flaws in the ATM's software.
The researcher added that the point-of-sale vulnerabilities allow you to "modify the firmware and change the price to $1, for instance, even when the screen shows that you're paying $50. You can make the device useless, or install a kind of ransomware. There are a lot of possibilities here."
The findings have been disclosed to the affected vendors, but Rodriguez acknowledged that physically patching hundreds of thousands of affected terminals and ATMs "would require a lot of time."
From Wired
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found