(770) 424-3393 Facebook logo Twitter logo Linkedin logo YouTube 001 gplus RSS feed

Carceron Blog

Carceron has been serving the Atlanta area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

New ATM Hack Can Steal $50,000 in 15 Minutes!

New ATM Hack Can Steal $50,000 in 15 Minutes!

You might recall getting a notice from your bank that you’ve been issued a new debit and credit card, one with a chip built into it for enhanced security. There are ATMs out there created specifically for use with these chips, but the same technology created to protect user credentials is now being used to steal them for fraudulent withdrawals.

Weston Hecker, a senior security consultant at the cybersecurity firm Rapid7, spoke at the Black Hat conference in Las Vegas, and demonstrated the technique. It can reportedly steal up to $50,000 out of a single ATM in under 15 minutes. While there had been problems with ATMs running older operating systems, like Windows XP, this is an entirely different problem. The reasoning: these ATMs are brand spanking new, and designed to take advantage of the latest chip-security technology. So, you can understand why there’s such a cause for concern in this case.

The exploit requires a $2,000 kit to install, but compared to the potential gains, this is a small price to pay. Hackers can alter an ATM by adding a device to the terminal. Specifically, it’s placed in between the ATM user’s card chip, and the roof of the area where the card is inserted. This data is then read--including the PIN--and transferred to the criminal, who could be hundreds of miles away. The hacker can download this data to their smartphone and use the card details to withdraw money from any ATM system.

Once this has happened, the hacker can order the machine to constantly withdraw funds to steal an exorbitant sum. Granted, they have to do this near an unattended machine, or one which is remote enough that nobody would notice (or care) that someone was messing with it, but the point stands that the hacker can steal huge amounts of money with relatively little effort.

There are some drawbacks to this method, though. For one, a hacker probably won’t be able to use the spoofed credentials for a very long time; at least, not until the user has caught on to their scheme and thwarted it by contacting their bank. Second of all, the hacker needs to find a way to bypass the security cameras that are inevitably located within each and every ATM they’ll encounter, and that’s not mentioning all of the other security cameras in the area that are monitoring the ATM.

Still, despite the challenges, hackers could have a field day with this vulnerability. Rapid7 has fully disclosed the details of the vulnerability to the manufacturers, but hasn’t made the details public, out of fear that the details could put more people at risk. The idea is to give the manufacturers time to resolve the issue, before hackers find a way around these fixes.

In general, it’s a good practice to always monitor your bank accounts, and to report any suspicious behavior to your bank. Additionally, it’s important that you never hand over your banking credentials to anyone for any reason--particularly a sketchy email from your “bank” asking you to confirm your credentials. These are known as phishing scams, and they try to use your trusting nature against you.

Additionally, never input credentials into unsecured websites. Any websites that you need to use your credit card credentials on should have encryption protocol in place to hide your information from hackers. You need to be very deliberate about avoiding websites that look like they may be trying to steal your data.

For more information about how to keep your financial records secure, reach out to Carceron at (770) 424-3393.


No comments yet
Already Registered? Login Here
Monday, 24 October 2016
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Security Technology Best Practices Privacy Tip of the Week Internet Microsoft Business Management Managed Service Provider Software Cloud Workplace Tips Backup Saving Money Data Small Business Hardware Productivity Hackers Gadgets Mobile Office Business Computing Business Email Malware Hosted Solutions Google Quick Tips IT Services Social Media IT Support Virtualization Upgrade Mobile Devices Business Continuity Passwords Users Smartphones Disaster Recovery Microsoft Office Network Windows VoIP WiFi Server Miscellaneous Innovation User Tips Mobile Device Management Windows 10 Computer Mobile Computing Communication Vendor Management Smartphone Efficiency Operating System Remote Computing BYOD Unified Threat Management Marketing Apps The Internet of Things History Holiday Ransomware Bring Your Own Device Health IT Consultant Android Facebook Analytics Apple Windows 8 Alert Going Green Wireless Technology Lithium-ion Battery Big data Outlook Office Network Security Printer Content Filtering Information Technology Saving Time Tech Support Hard Drives Data Management Save Money Phishing Firewall Employer-Employee Relationship Gmail Collaboration Remote Monitoring Spam Hiring/Firing Best Practice Automation Computers Search Antivirus Browser Humor Smart Phones Computer Repair Save Time Bandwidth Maintenance Proactive IT Tutorials App Current Events Fax Server Mobile Device Hacking PowerPoint User Help Desk User Error Managed IT services Sports Avoiding Downtime Intranet Virus Router Business Intelligence Education iPhone Hacker Budget Administration Internet of Things Document Management Black Market Money Phone System Two-factor Authentication Excel Wireless Running Cable Website Networking Virtual Desktop Managed IT BDR Network Congestion Experience End of Support Artificial Intelligence Heating/Cooling Twitter Social Networking Law Enforcement Digital Payment Customer Relationship Management Bluetooth Outsourced IT Computer Accessories Legal Laptop Data storage Comparison Office 365 Augmented Reality Company Culture Safety Inbound Marketing Social Cost Management Flexibility Text Messaging VPN Customer Service Office Tips Downtime Government Computing USB Comanaged IT Recovery Cybercrime Password Programming Chrome Hosted Solution Cortana Pain Points Printer Server SaaS Presentation Risk Management Processors Gaming Console IBM communications Telephone Systems Documents Compliance Thin Client Retail Business Growth Statistics Streaming Media Encryption Net Neutrality 3D Displays Advertising Chromebook Business Owner Turn Key Drones Domains eWaste File Sharing YouTube Work/Life Balance Touchscreen Co-Managed IT Specifications Environment Writing Unified Communications Competition Harddrive Download LinkedIn Entertainment Adminstration Analytic Staffing Wearable Technology Riske Management switches Permissions Mouse Application Paperless Office Digital Signature Microchip Google Docs Operating Systerm Disaster Regulations Solid State Drive Identity Theft DDoS Hacks Securty Display IT consulting Ebay Society Tablet Virtual Reality Notifications Micrsooft Efeciency Pirating Information Word IT service Content Management Windows XP HIPAA Recycling Skype Public Speaking External Harddrive Computing Infrastructure Electronic Payment Robot CIO Entrepreneur Memory Archive Teamwork Update organize Music Wi-Fi Upgrades Video Surveillance Webinar Flash Best Available Online currency Storage Trending IP Address Human Resources Deep Learning Point of Sale Read Debate Keyboard Settings Value LiFi Banking GPS PDF Monitors Lifestyle Shortcut Language Adroid Visible Light Communication Business Metrics Troubleshooting Microserver Google Wallet Leadership

Mobile? Grab this Article!


Recent Comments

No comments yet.

Blog Archive