(770) 424-3393 Facebook logo Twitter logo Linkedin logo YouTube 001 gplus RSS feed

Carceron Blog

Carceron has been serving the Atlanta area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

New ATM Hack Can Steal $50,000 in 15 Minutes!

New ATM Hack Can Steal $50,000 in 15 Minutes!

You might recall getting a notice from your bank that you’ve been issued a new debit and credit card, one with a chip built into it for enhanced security. There are ATMs out there created specifically for use with these chips, but the same technology created to protect user credentials is now being used to steal them for fraudulent withdrawals.

Weston Hecker, a senior security consultant at the cybersecurity firm Rapid7, spoke at the Black Hat conference in Las Vegas, and demonstrated the technique. It can reportedly steal up to $50,000 out of a single ATM in under 15 minutes. While there had been problems with ATMs running older operating systems, like Windows XP, this is an entirely different problem. The reasoning: these ATMs are brand spanking new, and designed to take advantage of the latest chip-security technology. So, you can understand why there’s such a cause for concern in this case.

The exploit requires a $2,000 kit to install, but compared to the potential gains, this is a small price to pay. Hackers can alter an ATM by adding a device to the terminal. Specifically, it’s placed in between the ATM user’s card chip, and the roof of the area where the card is inserted. This data is then read--including the PIN--and transferred to the criminal, who could be hundreds of miles away. The hacker can download this data to their smartphone and use the card details to withdraw money from any ATM system.

Once this has happened, the hacker can order the machine to constantly withdraw funds to steal an exorbitant sum. Granted, they have to do this near an unattended machine, or one which is remote enough that nobody would notice (or care) that someone was messing with it, but the point stands that the hacker can steal huge amounts of money with relatively little effort.

There are some drawbacks to this method, though. For one, a hacker probably won’t be able to use the spoofed credentials for a very long time; at least, not until the user has caught on to their scheme and thwarted it by contacting their bank. Second of all, the hacker needs to find a way to bypass the security cameras that are inevitably located within each and every ATM they’ll encounter, and that’s not mentioning all of the other security cameras in the area that are monitoring the ATM.

Still, despite the challenges, hackers could have a field day with this vulnerability. Rapid7 has fully disclosed the details of the vulnerability to the manufacturers, but hasn’t made the details public, out of fear that the details could put more people at risk. The idea is to give the manufacturers time to resolve the issue, before hackers find a way around these fixes.

In general, it’s a good practice to always monitor your bank accounts, and to report any suspicious behavior to your bank. Additionally, it’s important that you never hand over your banking credentials to anyone for any reason--particularly a sketchy email from your “bank” asking you to confirm your credentials. These are known as phishing scams, and they try to use your trusting nature against you.

Additionally, never input credentials into unsecured websites. Any websites that you need to use your credit card credentials on should have encryption protocol in place to hide your information from hackers. You need to be very deliberate about avoiding websites that look like they may be trying to steal your data.

For more information about how to keep your financial records secure, reach out to Carceron at (770) 424-3393.


No comments yet
Already Registered? Login Here
Tuesday, 27 September 2016
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Security Technology Best Practices Privacy Internet Microsoft Tip of the Week Business Management Managed Service Provider Software Workplace Tips Cloud Backup Saving Money Hardware Data Small Business Productivity Gadgets Hackers Mobile Office Business Computing Business Email Hosted Solutions Google IT Services Quick Tips Malware Social Media IT Support Virtualization Upgrade Mobile Devices Passwords Business Continuity Users Smartphones Windows Microsoft Office Network WiFi Server Disaster Recovery Innovation VoIP Miscellaneous Computer User Tips Communication Efficiency Mobile Computing Mobile Device Management Windows 10 Vendor Management Smartphone Operating System Unified Threat Management The Internet of Things Marketing BYOD Apps Holiday Remote Computing Analytics Health History IT Consultant Facebook Android Going Green Windows 8 Bring Your Own Device Wireless Technology Ransomware Apple Alert Tech Support Content Filtering Information Technology Saving Time Hard Drives Outlook Lithium-ion Battery Big data Office Printer Network Security Spam Data Management Firewall Save Money Collaboration Phishing Employer-Employee Relationship Gmail Remote Monitoring Maintenance Tutorials Computer Repair Save Time Bandwidth Proactive IT Hiring/Firing Best Practice Automation Computers Search Humor Browser Antivirus Smart Phones Education Excel iPhone Budget Internet of Things App Current Events Document Management Mobile Device Two-factor Authentication Money Phone System Wireless Running Cable Fax Server User Error Hacking Avoiding Downtime User PowerPoint Help Desk Router Managed IT services Sports Administration Intranet Business Intelligence Chrome Hosted Solution Cortana SaaS Presentation Risk Management Processors IBM communications Black Market Documents Compliance Thin Client Business Growth Retail Statistics Encryption Streaming Media Website Net Neutrality Networking Virtual Desktop Network Congestion Experience End of Support Inbound Marketing Heating/Cooling Artificial Intelligence Social Networking Digital Payment Customer Relationship Management Bluetooth Laptop Computer Accessories Legal Comanaged IT Data storage Comparison Augmented Reality Safety Company Culture Text Messaging Pain Points Social Flexibility Cost Management VPN Printer Server Office Tips Customer Service Downtime Gaming Console Computing Government USB Virus Recovery Cybercrime Password Programming Pirating Information IT service Word Windows XP Content Management HIPAA Recycling Skype Computing Infrastructure Public Speaking Robot Electronic Payment CIO GPS Memory Entrepreneur Archive Teamwork Update Wi-Fi Hacker Music Microserver Upgrades Video Surveillance 3D Flash Best Available Online currency Storage Trending Telephone Systems IP Address Turn Key Human Resources Deep Learning Point of Sale Read Debate Settings Keyboard LiFi Value Banking Monitors PDF Adroid Lifestyle Language Shortcut Visible Light Communication Google Wallet Troubleshooting Leadership Business Metrics Harddrive Adminstration Displays Managed IT Advertising Domains Drones BDR Business Owner Chromebook eWaste YouTube File Sharing Touchscreen Co-Managed IT Work/Life Balance Law Enforcement Specifications Twitter Writing Environment Outsourced IT Competition Unified Communications Office 365 LinkedIn Entertainment Staffing Analytic Download switches Wearable Technology Riske Management Digital Signature Mouse Paperless Office Application Permissions Google Docs Disaster Operating Systerm External Harddrive Microchip Regulations Identity Theft Solid State Drive organize DDoS Securty Ebay IT consulting Display Tablet Webinar Virtual Reality Society Micrsooft Efeciency

Mobile? Grab this Article!


Recent Comments

No comments yet.

Blog Archive