Security researcher "jackpots" ATMs at Black Hat Conference

Security researcher Barnaby Jack drew hoots and applause when he successfully "jackpotted" several ATM cash dispensers on stage, causing them to spew out a cascade of crisp bills. This took place at the Black Hat Security Conference, where Jack successfully reprogrammed one of the machines from a remote network connection. The second was corrupted via physical access using a special, malware-laden USB flash drive.

At a press conference, Jack said he has examined ATMs made by four manufacturers and all of them have vulnerabilities.

"Every ATM I've looked at allows that 'game over.' I'm four for four," he said. Jack was originally scheduled to give a similar presentation in last year's Black Hat, though it was canceled at the last minute by Juniper Networks, his employer at the time.

According to Ars Technica, a fully loaded bank ATM can hold up to $600,000. That means, theoretically, a properly planned and executed attack of several nearby ATMs could allow an attacker to make off with millions of dollars before going into hiding. If several episodes such as this were to happen to a bank, it would be disastrous.

So what are the implications of this kind of hack on the computing world? See my take on it in today's editorial.

For more on this story:
- check out this article at Ars Technica
- check out this article at PC World 

Related Articles:
Security researcher to demonstrate ATM hack, rootkit at Black Hat
Researcher finds security vulnerability in WPA2
Many home routers could be vulnerable to web hack
Open-source software libraries could be vulnerable to timing hack