Saturday, July 31, 2010

Hacking ATMs - "Gangsta style" with Dillinger

This is very interesting: using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand. Barnaby Jack, Director of Research at IOActive Labs, used a laptop with a custom-built software tool called “Dillinger” (named after the famous bank robber) to overwrite the machine’s internal operating system, take complete control of the ATM and send commands for it to spew cash on demand. At Black Hat, Jack demonstrated two different attacks against Windows CE-based ATMs:

(1) a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware;

(2) a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

He suggested that a skilled hacker could exploit these weaknesses if ATM manufacturers continue to create software with gaping security holes. Although the attacks were demonstrated against ATMs made by Tranax and Triton, Jack warned that his attacks could have been performed against a wide variety of ATM brands and called on the financial services sector to invest in code reviews, blackbox audits and penetration tests. Many ATMs are protected by a master key that can be bought for $10.78 on hundreds of web sites. “With this master key, I can walk up to a secluded ATM and have access to USB [and] SD/CF slots.”

The most impressive attack, which used the “Dillinger” remote ATM attack/admin tool, was done via a laptop connected to the ATM. It launched an exploit against an authentication bypass vulnerability in the ATM’s remote monitoring feature (this is enabled by default on all ATMs) and allowed the hacker to retrieve ATM settings, master passwords, receipt data and the location and name of the business hosting the ATM.
The Dillinger tool comes with a graphical UI that includes features to “Retrieve Track Data,” or simply “Jackpot!”. A click of the Jackpot button and the commandeered ATM starts spewing cash on demand. Bingo!

If someone inserts an ATM card into that machine, the rootkit can capture the track data and save it remotely. The rootkit also runs hidden in the background on the device. It even sets up a hidden pop-up menu that can be activated by a special key sequence. The menu functions included instructions to “dispense cash from each cassette,” “print stats on remaining bill counts,” and “Exit!”

4 comments:

Prophet Eve said...

I often wonder if this was either the same/similar method that the 7-Eleven hacker used??? Very interested, if they can do that for money makes what else is out there... viral attacks... literally??? Keep up the interesting topics... can't find it anywhere else.

7h3 Ð4R|{ 0N3 said...

The TJX Heartland (7 Eleven, Hannaford stores) attack was based upon SQL injection, this is a rootkit in Windows CE.

premankampus said...

Nice info, bro, hahaha
