ATM Hacked at PHDays III

  • May 30, 2013

    Foreign experts in physical information security discovered and demonstrated vulnerabilities in bank equipment at the Positive Hack Days III forum, which was held on May 23 and 24 in Moscow. The contest's ATM contained vulnerabilities, one of which gave access to the servicing area without a key. The other vulnerability allowed switching the machine into service mode using a common paper clip.

    Later on, a related contest was held at the venue. Within a limited period of time, the participants had to exploit the detected vulnerabilities and reproduce the steps that allowed switching the ATM into service mode.

    Mikhail Elizarov, a first-year student from the North Caucasian Federal University (Nevinnomyssk, Stavropol Krai, Russia), was the first to solve the tasks and so won the contest.

    The Positive Hack Days participants traditionally pay attention to bank security issues. Besides the contest related to physical security analysis, the $natch competition was hosted during the forum. Its participants needed to find security errors in a remote banking system. The section "Banking Applications and Cybercrimes: Which will Win?" was also held on the second day of the forum. The moderator was Artyom Sychev, Head of Security Service at Russian Agricultural Bank.

    In addition to the ATM security contest, the Positive Technologies specialists Olga Kochetova and Alexey Osipov ran several hands-on labs where the audience learned methods that intruders use to steal money from citizens. The methods include placing an overlay on an ATM keypad or over card/cash slots and placing a tiny spy video camera.

    "They say theater begins at the cloakroom. Then safety begins with physical security. And we should remember that even taking into account the age of ultramodern viruses and cyber weapons we live in. Information about the vulnerabilities, which were exploited during the contest, has been handed over to ATM developers to prepare countermeasures", said Olga Kochetova.

    Mikhail Elizarov also won Choo Choo Pwn, the SCADA security assessment competition that took place during the forum.

    The contest winner and finalists received gifts from Positive Technologies, the PHDays organizer, and from sponsors of the forum. 
