ATM Hacked Using Samsung Galaxy S4 & USB Port

Keep on Guard!


A pretty interesting black box daughter board attack on ATM via USB, the crowd cry ATM Hacked! Yah it was, and it was triggered using a mobile phone to actually activate the attack, showing it’s fairly complex and also abstracting the actual attacker from being physically there.

ATM Hacked Using Samsung Galaxy S4 & USB Port

The guy carrying the black box can’t actually perform the attack without whoever has the phone trigger letting it lose.

Carders have jackpotted an ATM by inserting a circuit board into the USB ports of an ATM, tricking it into spitting out cash.

The technique was thought to have emulated the cash dispenser of the ATM so the brains of the machine thought everything was normal, buying additional time for the brazen crooks to make off with the cash.

A Samsung Galaxy S4 was then used by a remote attacker to issue commands to the dispenser, cybercrime scribe Brian Krebs reported.

NCR global security manager Charlie Harrow said the circuit board gives crime lords control, but the folks who install it are not necessarily the real perps.

“… you have the Mr. Big back at the hideout who’s sending the commands, and the mules are the ones at the ATMs,” Harrow said.

“So the mule who has the black box is unable to activate the attack unless he gets the command from the Mr. Big, and the mobile phone is the best way to do that.”


It really reads like something from the movies, some lacky with a black box and a mysterious Dr. Evil somewhere on a desert island triggering the attack from his mobile phone causing the ATM to endlessly spit out $100 bills.

I doubt it was so obvious, but it would be fun wouldn’t it? The black box basically fooled the ATM into thinking the cash dispenser was still attached, pretty clever stuff.

The amount of cash stolen was not revealed.

The mobile phone component also made it difficult for investigators to piece together how the attackers pushed commands through to the cash dispenser.

Investigators were unsure what commands were sent to the dispenser only that they were funneled through the phone.

The type of attacks were increasing, NCR said. Most logical USB port attacks involved malware and only one other had used the type of black box equipment used here.

ATM owners have been urged to avoid stand alone machines where possible, as they are more easily attacked. NCR has updated its encryption scheme so that a key is exchanged between the brains and dispenser after a specific authentication sequence, and hardened firmware preventing thieves from downgrading.

I’m assuming this happened in the US as NCR is quoted (formerly National Cash Register) a US-based computer hardware/software company that provides ATMs and the like.

More details in Krebs article here: Thieves Jackpot ATMs With ‘Black Box’ Attack

Interesting stuff, will have to see if they manage to pop any more ATMs with this technique (if it gets reported that is).

Source: The Register

Posted in: Exploits/Vulnerabilities, Hardware Hacking

,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Comments are closed.