Earlier this week, I reported about security research Barnaby Jack showing how to hack two different automated teller machines in front of a crowd of hackers and security professionals at the Black Hat security conference in Las Vegas. Now you can see video footage of Jack responding to questions following his demonstration.
(See our roundup of all Black Hat and Defcon stories).
The two videos below show the Q&A session that took place immediately after he hacked two different Windows CE-based ATMs. During the Q&A, an engineer for one of the ATM companies, Triton, got up and offered some answers about his company’s efforts to patch the vulnerabilities that Jack pointed out on stage.
Jack was scheduled to give the talk a year ago, but it was canceled after an ATM vendor objected to his then-employer, Juniper Networks. This year, Jack switched jobs to IOActive. The ease with which he hacked the machines should be a wake-up call for banks.
Jack showed how you could walk up to an ATM, break into it using a common universal key, and then use a universal serial bus (USB) stick to load a rootkit, or hacking software, that could compromise the machine’s security. On stage, he showed how he could run a program that could talk over the machines and get them to display “jackpot!” on the ATM screen and then spit out bills.