A security researcher says he plans to reveal security vulnerabilities of two types of ATM along with a new ATM rootkit.
Barnaby Jack was originally due to give the talk, called Jackpotting Automated Teller Machines, at Black Hat USA 2009.
The talk was pulled – but he’s now got a new employer who’s a little less uptight about its contents, and it will finally take place a year late at the Black Hat Las Vegas conference in July.
“The upside to this is that there has been an additional year to research ATM attacks, and I’m armed with a whole new bag of tricks,” says Jack.
“I’ve always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I’ve got that kid beat.”
Most attacks on ATMs involve the use of card skimmers, or the physical theft of the machines themselves. Targeted attacks on the underlying software are rare.
“Last year, there was one ATM; this year, I’m doubling down and bringing two new model ATMs from two major vendors,” promises Jack.
“I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.”