Black Hat ATM hack has implications beyond the financial sector


At the Black Hat Conference this week, researcher Barnaby Jack successfully hijacked several ATMs in a presentation provocatively titled "Jackpotting Automated Teller Machines Redux." His two exploits--one using a remote connection and the second using a USB port on the ATM--caused the compromised ATMs to dispense money without being authorized to do so.

All this makes for an entertaining read, certainly, but should the insecurity of ATMs concern IT workers? Unfortunately, the short answer is: Yes. This demonstration does have repercussions for the rest of the computing field.

You see, both of the hacked ATMs run on the Windows CE operating system. Without getting overly technical, one of Jack's exploits involved breaking into the way Windows CE is loaded: he purchased a legitimate master key and then overwrote the firmware with the contents of a USB flash drive.

Before you start pointing fingers at Microsoft (NASDAQ: MSFT), the biggest issue to consider here is this: Many of the machines that we use today are built using software platforms that were never designed to counter the sophisticated security attacks that we are now facing on a daily basis. The fact that this hack involves Windows CE and ATMs is simply incidental.

I think Toralv Dirro, a security researcher from McAfee, sums it up best in a blog post: "Most people tend to ignore the fact that a lot of today's devices and machines are running fairly standard computers and operating systems internally. ATM machines, cars, medical devices, even your TV may have such a computer inside, allowing updates over a network. Software unfortunately has flaws."

So where does this all lead? It's hard to say, but perhaps I will venture that security exploits similar to those in the storylines of B-grade movies of yesteryear might be closer to the future reality than we've ever imagined.

And the security landscape will simply get worse, not better, at least until a revolution in the building of secure, defensive software takes place. - Paul Mah (Twitter @paulmah)
