Barnaby Jack showed a live demonstration of how he hacked two different Windows CE-based ATMs on stage during a talk this afternoon at the Black Hat security conference in Las Vegas. Jack was scheduled to give the talk a year ago, but it was canceled after an ATM vendor objected to his then-employer, Juniper Networks. This year, Jack switched jobs to IOActive. The ease with which he hacked the machines should be a wake-up call for banks.
Jack showed how you could walk up to an ATM, break into it using a common universal key, and then use a universal serial bus (USB) stick to load a rootkit, or hacking software, that could compromise the machine’s security. On stage, he showed how he could run a program that could talk over the machines and get them to display “jackpot!” on the ATM screen and then spit out bills.