ATM makers patch Black Hat cash-dispensing flaw

Two automated teller machine (ATM) manufacturers have shipped patches to block the cash-dispensing attack demonstrated by researcher Barnaby Jack at this year's Black Hat conference.

Hantle (formerly Tranax) and Triton released separate bulletins to address the issue, which lets a remote hacker overwrite the machine’s internal operating system, take complete control of the ATM and send commands for it to spew cash on demand.

At the Black Hat conference, Jack demonstrated two different attacks against Windows CE-based ATMs -- a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

The patches apply to the following machines:

  • Any Triton ATM machine with X2 platform purchased before November 16, 2009
  • Any Triton ATM machine with X Scale platform
  • Hantle 1700W ATM machines with application version V02.01.12 or earlier
  • Hantle C4000 ATM machines with application version V02.01.12 or earlier
  • Hantle 4000T ATM machines with application version V02.01.12 or earlier
