“It’s time to give these devices an overhaul,” Jack said. “The goal of the talk is to spark discussion on the best ways to remediate,” he said. Jack’s tools are just proof-of-concept software, designed to show how vulnerable the machines really are, he said. Criminals have already used a similar technique over the Internet to break into vulnerable point-of-sale systems. He also developed an online management tool, called Dillinger, that can keep track of compromised machines and store data stolen from people who use them.

Criminals could find vulnerable ATMs by using open-source “war-dialling” software to call hundreds of thousands of numbers, looking for those that respond by saying they have the vulnerable management software installed. After experimenting with his own machines, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge, that lets him override the machine’s firmware.