ATM Hacked Using Samsung Galaxy S4 & USB Port


A pretty interesting black box daughterboard attack on an ATM via USB, and the crowd cries "ATM Hacked!" Yes, it was, and a mobile phone was used to actually trigger the attack, which shows it’s fairly complex and also means the actual attacker doesn’t have to be physically there.


The guy carrying the black box can’t actually perform the attack without whoever has the phone trigger letting it loose.

Carders have jackpotted an ATM by inserting a circuit board into the USB ports of an ATM, tricking it into spitting out cash.

The technique was thought to have emulated the cash dispenser of the ATM so the brains of the machine thought everything was normal, buying additional time for the brazen crooks to make off with the cash.

A Samsung Galaxy S4 was then used by a remote attacker to issue commands to the dispenser, cybercrime scribe Brian Krebs reported.

NCR global security manager Charlie Harrow said the circuit board gives crime lords control, but the folks who install it are not necessarily the real perps.

“… you have the Mr. Big back at the hideout who’s sending the commands, and the mules are the ones at the ATMs,” Harrow said.

“So the mule who has the black box is unable to activate the attack unless he gets the command from the Mr. Big, and the mobile phone is the best way to do that.”

It really reads like something from the movies: some lackey with a black box and a mysterious Dr. Evil somewhere on a desert island triggering the attack from his mobile phone, causing the ATM to endlessly spit out $100 bills.

I doubt it was so obvious, but it would be fun wouldn’t it? The black box basically fooled the ATM into thinking the cash dispenser was still attached, pretty clever stuff.

The amount of cash stolen was not revealed.

The mobile phone component also made it difficult for investigators to piece together how the attackers pushed commands through to the cash dispenser.

Investigators were unsure what commands were sent to the dispenser, only that they were funneled through the phone.

The type of attack was increasing, NCR said. Most logical USB port attacks involved malware and only one other had used the type of black box equipment used here.

ATM owners have been urged to avoid standalone machines where possible, as they are more easily attacked. NCR has updated its encryption scheme so that a key is exchanged between the brains and dispenser after a specific authentication sequence, and hardened the firmware, preventing thieves from downgrading it.
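An added example, not NCR's code or protocol (the article gives no details of either): a sketch of why a dispenser that only honours commands authenticated under a key established after an authentication sequence, and that refuses firmware downgrades, resists a substituted controller. The HMAC challenge-response, the message layout and every name below are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def core_response(pairing_key: bytes, challenge: bytes) -> bytes:
    """What a genuine ATM core would answer to the dispenser's challenge."""
    return _mac(pairing_key, b"auth", challenge)


def core_tag(pairing_key: bytes, challenge: bytes, counter: int, notes: int) -> bytes:
    """Tag a dispense command under the session key derived after authentication."""
    session_key = _mac(pairing_key, b"session", challenge)
    return _mac(session_key, b"dispense", counter.to_bytes(8, "big"), notes.to_bytes(2, "big"))


class Dispenser:
    def __init__(self, pairing_key: bytes, firmware_version: int):
        self._pairing_key = pairing_key        # assumed provisioned at pairing time
        self._fw_floor = firmware_version      # only ever increases
        self._challenge = self._session_key = None
        self._last_counter = 0                 # replay guard

    def begin_auth(self) -> bytes:
        self._challenge, self._session_key = secrets.token_bytes(16), None
        return self._challenge

    def finish_auth(self, response: bytes) -> bool:
        challenge, self._challenge = self._challenge, None   # challenge is single use
        if challenge is None or not hmac.compare_digest(core_response(self._pairing_key, challenge), response):
            return False
        self._session_key, self._last_counter = _mac(self._pairing_key, b"session", challenge), 0
        return True

    def dispense(self, counter: int, notes: int, tag: bytes) -> bool:
        if self._session_key is None or counter <= self._last_counter:
            return False                       # unauthenticated sender or replayed command
        expected = _mac(self._session_key, b"dispense", counter.to_bytes(8, "big"), notes.to_bytes(2, "big"))
        if not hmac.compare_digest(expected, tag):
            return False
        self._last_counter = counter
        return True

    def accept_firmware(self, version: int) -> bool:
        if version < self._fw_floor:
            return False                       # downgrade refused (signature check omitted here)
        self._fw_floor = version
        return True
```

A device on the bus that lacks the pairing key fails `finish_auth`, so every `dispense` call it makes is rejected; a real design would also verify a signature on the firmware image before applying the version floor.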

I’m assuming this happened in the US, as NCR (formerly National Cash Register), a US-based computer hardware/software company that provides ATMs and the like, is quoted.

More details in Krebs’ article here: Thieves Jackpot ATMs With ‘Black Box’ Attack

Interesting stuff, will have to see if they manage to pop any more ATMs with this technique (if it gets reported that is).

Source: The Register

Posted in: Exploits/Vulnerabilities, Hardware Hacking
