Advertisement

ATM hack dispenses wads of cash; no credit or debit required

The Tyrupkin malware is unlocks cash machines with a code pressed on the keypad

ATM hack

Moscow-based Kaspersky Labs has discovered that a flaw in ATMs allows hackers to “make it rain” or force the machines to spew wads of cash. Once a series of steps are carried out, hackers need only input a few digits on the keypad and the machines dispense up to 40 notes at once, without requiring any credit or debit card.

The theft is accomplished as follows: hackers pry open the physical cover on the ATM machine and insert a boot disc into its disc tray, containing the virus known as Tyrupkin. Once the malware is installed, the culprit need only enter a specific code followed by a second unique code that’s randomly generated by an algorithm at a different remote location; it’s this second code that “unlocks the machine.” Kasperky Labs published the video below demonstrating the hack.

“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software,” said Vicente Diaz, principal security researcher at Kaspersky. These devices have grown increasingly sophisticated and miniaturized, allowing the devices to slip right into the card try and wirelessly transmit stolen card info using Bluetooth 4.0.

Everyday users are spared from attacks initiated by Tyrupkin as the hack steals money directly from the ATM, not from their accounts. Fortunately, Interpol has alerted countries in Europe, Latin American, and Asia and is carrying out a sweeping investigation. Kaspersky itself has been hired by an unnamed bank institution to investigate the findings and find a solution. The company advises banks to install an alarm that’s set off when the ATM enclosure is opened.

Security experts have long asserted that ATMs bear poor security protocols, claiming that most run outdated operating systems which are not updated because of financial burden of maintaining so many units. The Tyrupkin virus is not even the first to “make it rain,” considering elited hacker/security expert Barnaby Jack demonstrated a similar technique back in 2010.

 Via BBC

Advertisement



Learn more about Electronic Products Magazine

Leave a Reply