Sign up to our newsletter
Thieves have managed to extract money from an ATM with just a Samsung Galaxy S4, a circuit board and the machine’s USB based circuitboard reports Krebs on Security.
This particular hack – a ‘black box’ attack, requires physical access to the top of the cash machine, and involved removing the cash dispensing part from the core computer controlling the device. The thieves then simply need to attach their own core, and the computer can be instructed to dispense as many notes as requested by the cybercriminals. A Samsung Galaxy S4 smartphone was used to issue instructions to the machine to complete the cybercrime.
This specific attack included an extra step – plugging a USB based circuit board into the controller. “They didn’t have to do this but our guess is they thought this component would buy them some time,” explained Charlie Harrow, solutions manager for global security at NCR, speaking to Brian Krebs.
The smartphone used to issue the instructions was set up in such a way that it relayed commands through a dynamic IP service, meaning that the attacker sending the commands was working remotely, away from the machine. The reasoning for this, Harrow suspects, is so that the thief managing the heist can maintain control: “You have the Mr. Big back at the hideout who’s sending the commands, and the mules are the ones at the ATMs,” he speculated. “So the mule who has the black box is unable to activate the attack unless he gets the command from the Mr. Big, and the mobile phone is the best way to do that.”
Consumerist explains that NCR, the manufacturer of the machine, “wanted to publicize this attempted heist to point out to store and banks that whenever possible, they should really consider mounting their ATMs on a wall instead of making them standalone units.”
The Register notes that the amount of cash stolen was not revealed, but that NCR has “updated its encryption scheme so that a key is exchanged between the brains and dispenser after a specific authentication sequence, and hardened firmware preventing thieves from downgrading.”
Author Alan Martin, ESET