At the Black Hat USA 2010 security conference in Las Vegas, Barnaby Jack of IOActive showed off techniques for “Jackpotting” Windows CE-based ATMs. “Jackpot!” That’s the message that was displayed on the screen of an ATM as it spewed its entire reservoir of cash across the stage at the Caesars Palace Hotel and Casino in Las Vegas on Wednesday, after a hacker easily bypassed its security features.
The first method involved ordering a $10 master key online to physically unlock a panel on the front of the ATM, whereupon Jack gained access to the device’s USB port. At Black Hat, Jack plugged his own USB stick, preloaded with malicious code of his own design, into the machine (manufactured by Triton), forcing it to dispense all of the money contained within.
Second, it was Jack’s remote hack of a machine manufactured by Tranax, over a wireless Internet connection, that really stole the show. He said all that was needed to accomplish this was knowledge of the ATM’s phone number or IP address and a way to get past the password, reports Wired. Of course, this technique has its own sexy code name: “Dillinger.”