Scrapbook 5 - Banks, ATMs, and Their Users
Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear by Andy Greenberg of Wired (PDF archive)Summary
Kaspersky, a Russian research company, found and reproduced a set of ATM robberies that had presented vulnerabilities in a widely used set of ATMs. ATM hackers drill a hole about the size of a golf ball near the pin pad and connect to the ATMs' hardware with their small computer using a wire. There isn't any authentication between the modules within the ATM, so the attacker can directly access the module that dispenses the cash and then tell it how much to dispense. The only limit is that the ATM will sense that something has gone wrong and reboot. Unfortunately, the ATM could have already dispensed $1,000 and can simply be told to dispense more after it has rebooted.Reason Chosen
Hacking ATM is a new form of bank robbery and it's particularly interesting because of the accessibility. Regular bank hours are pretty limited and there's usually security but ATMs are often left without protection, outdated and vulnerable. Banks and users alike are more vulnerable to losing money and data through these seemingly secure machines.Ethical Implications and Personal and Social Values at Stake
It's pretty obvious that it is not ethical to rob a bank and stealing from ATMs is not different. ATMs are still a fairly new component to our banking system and it can be very difficult to manage new technologies like these. The banks managing these machines have a responsibility to keep them secure and regularly test them for vulnerabilities.As clients to large banks with ATM machines, we're expecting them to protect our data and our money. Everyone should be concerned about hackers accessing these machines because of the very important information (and money!) that they contain. Keeping our banks accountable for protecting our information and upgrading these machines is important.
There have been videos and articles released that help teach the average bank user how to look out for red flags that indicate an ATM has been tampered with but there aren't systems in place (at least that are known to me) for reporting suspected problems. Is this because the banks don't want the users to feel that their software isn't secure? Should we expect more from them or do the users have some responsibility to notify their bank when they notice a potential vulnerability?
Source Credibility
Wired is a well-known, technology-focused magazine based in San Francisco, California that has been active since 1993. They provide detailed articles surrounding relevant issues in technology.Andy Greenberg is a Senior Staff Writer for Wired and previously worked at Forbes.
No comments:
Post a Comment