{"id":13126,"date":"2016-09-29T09:00:44","date_gmt":"2016-09-29T13:00:44","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=13126"},"modified":"2020-12-16T11:03:19","modified_gmt":"2020-12-16T16:03:19","slug":"4-ways-to-hack-atm","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/4-ways-to-hack-atm\/13126\/","title":{"rendered":"4 ways to hack an ATM"},"content":{"rendered":"<p>We have <a href=\"https:\/\/www.kaspersky.com\/blog\/metel-gcman-carbanak\/11236\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">already told<\/a> you about a number of <a href=\"https:\/\/www.kaspersky.com\/blog\/invisible-skimmer-at-atm\/12121\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">hacker groups jackpotting money from ATMs<\/a>. Now you can see it with your own eyes! Our experts shot four videos of ATM hack demos. Disclaimer: No bank was harmed in the process, and we do not recommend you try any of these methods.<\/p>\n<h3>Method 1: Fake processing center<\/h3>\n<p>This method requires an attacker to access a cable connecting the machine to the network. The hacker disconnects the ATM from the bank\u2019s network and then connects it to an appliance that acts as a fake processing center.<\/p>\n<p>The box is used to control the cash trays and send commands to the ATM, requesting money from the chosen tray. It\u2019s as simple as that: The attacker can now use any card or input any PIN code, and the rogue transactions will look legitimate.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/nRbqBLBlLLs?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<h3>Method 2: A remote attack on several ATMs<\/h3>\n<p>This method involves an insider working in the target bank. The criminal purchases a key from the insider that opens the ATM chassis. The key does not give an attacker access to the cash trays, but it exposes the network cable. The hacker disconnects the ATM from the bank\u2019s network and plugs in a special appliance that sends all of the data to their own server.<\/p>\n<p>Networks connecting ATMs are often not segmented (separated for security), and ATMs themselves can be configured incorrectly. In that case, with such a device a hacker could compromise several ATMs at once, even if the malicious device is connected to only one of them.<\/p>\n<p>The rest of the attack is carried out just as described in Method 1: A fake processing center is installed on the server, and the attacker gains full control over the ATMs. Using any card, a criminal can withdraw all of the cash from an ATM, regardless of the model. The only thing the ATMs need to have in common for this method to work is the protocol they use to connect to the processing center.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/N9DjtYO-coo?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<h3>Method 3: The black box attack<\/h3>\n<p>As previously described, the attacker obtains the key to the ATM chassis and accesses it, but this time puts the machine into maintenance mode. Then the hacker plugs a so-called black box into the exposed USB port. A black box in this case is a device that allows an attacker to control the ATM\u2019s cash trays.<\/p>\n<p>While the attacker tampers with the ATM, its screen displays a service message like \u201cMaintenance in progress\u201d or \u201cOut of service,\u201d although in reality the ATM can still draw cash. Moreover, the black box can be controlled wirelessly via a smartphone. The hacker just taps a button on the screen to get the cash and then disposes of the black box to hide the evidence that the machine was compromised.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/3HYA0MvizpM?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<h3>Method 4: Malware attack<\/h3>\n<p>There are two ways to infect a target ATM with malware: by inserting a malware-laced USB drive into the port (requiring the key to the ATM chassis) or by infecting the machine remotely, having first compromised the bank\u2019s network.<\/p>\n<p>If the target ATM is not protected against malware or does not employ allowlists, a hacker can run malware to send commands to the ATM and make it dispense cash, repeating the attack until the cash trays are empty.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/XokG7HNVt20?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>Of course, not all ATMs are hackable. The attacks described above are feasible only if something is misconfigured. It could be that the bank\u2019s network is not segmented, or authentication is not required when the ATM\u2019s software exchanges data with the hardware, or there is no list of permitted apps, or the network cable is easily accessible.<\/p>\n<p>Unfortunately, such problems are rather common. For example, they allowed attackers infect a number of ATMs with the <a href=\"https:\/\/www.kaspersky.com\/blog\/tyupkin-atm-malware\/6246\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Tyupkin Trojan<\/a>. Experts at Kaspersky Lab are always <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/intelligence-services\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">ready to help<\/a> banks fix these issues: We offer consulting services and can audit a bank\u2019s infrastructure and test it for resilience to attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How are criminals able to hack ATMs and get away with money? Here are four videos that show how ATMs can be vulnerable.<\/p>\n","protected":false},"author":696,"featured_media":13127,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2684],"tags":[1431,722,899,1435,352,818,58],"class_list":{"0":"post-13126","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-special-projects","9":"tag-atms","10":"tag-banks","11":"tag-hack","12":"tag-jackpotting","13":"tag-kaspersky-lab","14":"tag-money","15":"tag-video"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/4-ways-to-hack-atm\/13126\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/4-ways-to-hack-atm\/5599\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/4-ways-to-hack-atm\/7720\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/4-ways-to-hack-atm\/7725\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/4-ways-to-hack-atm\/7776\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/4-ways-to-hack-atm\/9198\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/4-ways-to-hack-atm\/9056\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/4-ways-to-hack-atm\/13215\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/4-ways-to-hack-atm\/2520\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/4-ways-to-hack-atm\/6598\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/4-ways-to-hack-atm\/5567\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/4-ways-to-hack-atm\/8816\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/4-ways-to-hack-atm\/12724\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/4-ways-to-hack-atm\/13215\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/4-ways-to-hack-atm\/13126\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/4-ways-to-hack-atm\/13126\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/money\/","name":"money"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=13126"}],"version-history":[{"count":10,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13126\/revisions"}],"predecessor-version":[{"id":38084,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13126\/revisions\/38084"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/13127"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=13126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=13126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=13126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}