ATM Black Box Attacks

ATM Jackpotting

Money flying out of the machine. The winners smiling. Most likely night-time. No, I’m not describing the Vegas Strip at peak time. I’m describing the ATM around the corner from where you are now. However, before you jump up from your seat to cash in on the thousands of dollars coming out of the machine, you should be warned that this is the result of ATM attacks.

ATM jackpotting allows hackers to, well, hit the jackpot. These attacks are commonly seen in Europe but pose a real threat to the rest of the world. They are carried out by simple devices, known as black boxes. So, if you are strapped for cash, read carefully because soon you will know exactly how to hit the jackpot. And you won’t need to travel to Vegas to do it.

An ATM is made up of two main parts: the cabinet and the safe. The former is the main body, and holds the ATM computer, which is connected to all the other devices. Luckily for you, the cabinet is practically unprotected, making it easy to gain access. The latter is more secure and contains only the cash dispenser and cash acceptance module. Yes, the cash dispenser is the most important part in this whole operation, but thankfully you will only need access to the cash dispenser cable, which is located outside the safe, to successfully execute this attack.

By gaining access to the top box of the cash machine, you will be able to bypass the main board communications and disconnect the physical dispenser from the ATM PC core. This is when you attach the periphery device (the black box) directly to the dispenser whereby you can initiate cash dispensing commands.

Leaving no trace

The best part is that you will not leave a trace on the target’s payment terminal as the attack relies on the outputs produced by the ATMs in response to your inputs. Furthermore, you can disable checks that verify legitimate access, as well as other security mechanisms, to go undetected (#winning). The perfect time to do this would be in your lunch break as this will only take you 10 minutes. This leaves more than enough time to treat yourself to a nice meal at Nobu, what with all that extra cash burning a hole in your pocket. The icing on the cake when it comes to ATM black box attacks is that almost 70 per cent of ATMs are vulnerable to them. So that ATM you walk past everyday is most likely a great target.

If the Kardashians are making money from being famous, then you can make money in an unconventional way, too. Who’s got time for a 9-5 nowadays anyway?

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.