A pretty interesting black box daughter board attack on ATM via USB, the crowd cry ATM Hacked! Yah it was, and it was triggered using a mobile phone to actually activate the attack, showing it’s fairly complex and also abstracting the actual attacker from being physically there.
The guy carrying the black box can’t actually perform the attack without whoever has the phone trigger letting it lose.
Carders have jackpotted an ATM by inserting a circuit board into the USB ports of an ATM, tricking it into spitting out cash.
The technique was thought to have emulated the cash dispenser of the ATM so the brains of the machine thought everything was normal, buying additional time for the brazen crooks to make off with the cash.
A Samsung Galaxy S4 was then used by a remote attacker to issue commands to the dispenser, cybercrime scribe Brian Krebs reported.
NCR global security manager Charlie Harrow said the circuit board gives crime lords control, but the folks who install it are not necessarily the real perps.
“… you have the Mr. Big back at the hideout who’s sending the commands, and the mules are the ones at the ATMs,” Harrow said.
“So the mule who has the black box is unable to activate the attack unless he gets the command from the Mr. Big, and the mobile phone is the best way to do that.”
It really reads like something from the movies, some lacky with a black box and a mysterious Dr. Evil somewhere on a desert island triggering the attack from his mobile phone causing the ATM to endlessly spit out $100 bills.
I doubt it was so obvious, but it would be fun wouldn’t it? The black box basically fooled the ATM into thinking the cash dispenser was still attached, pretty clever stuff.
The amount of cash stolen was not revealed.
The mobile phone component also made it difficult for investigators to piece together how the attackers pushed commands through to the cash dispenser.
Investigators were unsure what commands were sent to the dispenser only that they were funneled through the phone.
The type of attacks were increasing, NCR said. Most logical USB port attacks involved malware and only one other had used the type of black box equipment used here.
ATM owners have been urged to avoid stand alone machines where possible, as they are more easily attacked. NCR has updated its encryption scheme so that a key is exchanged between the brains and dispenser after a specific authentication sequence, and hardened firmware preventing thieves from downgrading.
I’m assuming this happened in the US as NCR is quoted (formerly National Cash Register) a US-based computer hardware/software company that provides ATMs and the like.
More details in Krebs article here: Thieves Jackpot ATMs With ‘Black Box’ Attack
Interesting stuff, will have to see if they manage to pop any more ATMs with this technique (if it gets reported that is).
Source: The Register