Two automated teller machine (ATM) manufacturers have shipped patches to block the cash-dispensing attack demonstrated by researcher Barnaby Jack at this year's Black Hat conference.
Hantle (formerly Tranax) and Triton released separate bulletins to address the issue, which lets a remote hacker overwrite the machine’s internal operating system, take complete control of the ATM and send commands for it to spew cash on demand.At the Black Hat conference, Jack demonstrated two different attacks against Windows CE-based ATMs -- a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.
The patches apply to the following machines:
- Any Triton ATM machine with X2 platform purchased before November 16, 2009
- Any Triton ATM machine with X Scale platform
- Hantle 1700W ATM machines with application version V02.01.12 or earlier
- Hantle C4000 ATM machines with application version V02.01.12 or earlier
- Hantle 4000T ATM machines with application version V02.01.12 or earlier