madison

Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

ATM makers patch Black Hat cash-dispensing flaw

By | August 23, 2010, 12:14pm PDT

Summary: Two automated teller machine (ATM) manufacturers have shipped patches to block the cash-dispensing attack demonstrated by researcher Barnaby Jack at this year’s Black Hat conference.

Two automated teller machine (ATM) manufacturers have shipped patches to block the cash-dispensing attack demonstrated by researcher Barnaby Jack at this year’s Black Hat conference.

Hantle (formerly Tranax) and Triton released separate bulletins to address the issue, which lets a remote hacker overwrite the machine’s internal operating system, take complete control of the ATM and send commands for it to spew cash on demand.

[ SEE: Hacker breaks into ATMs, dispenses cash remotely ]

follow Ryan Naraine on twitter At the Black Hat conference, Jack demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

The patches apply to the following machines:

  • Any Triton ATM machine with X2 platform purchased before November 16, 2009
  • Any Triton ATM machine with X Scale platform
  • Hantle 1700W ATM machines with application version V02.01.12 or earlier
  • Hantle C4000 ATM machines with application version V02.01.12 or earlier
  • Hantle 4000T ATM machines with application version V02.01.12 or earlier

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Black Hat, Automated Teller Machine, Flaw, Banking, ATM, Patches, Financial Services, Finance, Networking, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 3 Talkback(s)

  • RE: ATM makers patch Black Hat cash-dispensing flaw
    Funny but my grandma still goes into the bank, still writes checks and doesnt believe in direct deposit or auto-pay...

    As we get more automated, we get robbed... lol

    It was only a matter of time that we figured out how to hack atm machines, like John Conner did in T2... Dam you JOHN CONNER and your sweet technology...!! hahahah
    ZDNet Gravatar
    cfithian@...
    23rd Aug 2010
  • RE: ATM makers patch Black Hat cash-dispensing flaw
    @cfithian@...
    and Grandma gets to see and talk to folks face to face, gets some fresh air, sees things most of us have forgotten exists, like the 'sky' (the yellow thing in it's called the 'sun' apparently).

    Progress sucks sometimes.
    ZDNet Gravatar
    AndyPagin
    24th Aug 2010
  • RE: ATM makers patch Black Hat cash-dispensing flaw
    Yep, I bring my mom, who is 83, to the bank once a month. My sister pays most of my mom's bills online (Mom & I live in RI, sis in FL), but she still likes to go to the bank to cash/deposit her pension and rent-income checks. She absolutely refuses to do direct deposit.
    ZDNet Gravatar
    MGP2
    23rd Aug 2010

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
Click Here