It’s been a while since I’ve blogged on a security topic, but this one caught my eye today: researchers in Germany have revealed an intriguing new ATM exploit. In the past I’ve written about skimmers, devices installed on ATMs to steal card codes from ATM cards. Now thieves are targeting the ATMs directly, instead of user accounts.

…hackers have to physically cut holes into ATMs, then plug in USB drives that install code onto the cash dispenser.

Once the exploit has been installed, the attacker types in a 12-digit access code, selects the denominations to dispense, and voila! Payday! There’s even a non-collusion mechanism built in:

…the criminal at the cash point had to call another gang member for a numerical code to input before they could grab the bank notes.

Obviously, this sort of exploit would have to be targeted specifically at a particular ATM maker, maybe at a given software release, and perhaps even at a particular bank, if the bank was to customize the ATM code at all.

Still, somehow I feel safer that it’s not my bank account that’s being attacked, it’s the ATM itself. At least I don’t have to explain why my card and code were used, when in fact they were stolen.

[ BBC via Gizmodo ]


WP Themes