ATM Black Box Attacks

ATM Black box

Learn how hackers execute ATM black box attacks and how Sepio asset risk management commercial platform protects your hardware devices through physical layer visibility.

Money flying out of the machine. The winners smiling. Most likely night-time. No, I’m not describing the Vegas Strip at peak time. I’m describing the ATM around the corner from where you are now. However, before you jump up from your seat to cash in on the thousands of dollars coming out of the machine, you should be warned that this is the result of ATM Black Box Attacks.

ATM Jackpotting Attacks allows hackers to, well, hit the jackpot. These attacks are common in Europe but pose a real threat to the rest of the world. Hackers execute these attacks using simple devices called ATM black box attacks. So, if you’re strapped for cash, read carefully because you’ll soon know exactly how to hit the jackpot. And you won’t need to travel to Vegas to do it.

An ATM is made up of two main parts: the cabinet and the safe. The former is the main body, and holds the ATM computer, which is connected to all the other devices. Luckily for you, the cabinet is practically unprotected, making it easy to gain access. The latter is more secure and contains only the cash dispenser and cash acceptance module. Yes, the cash dispenser is the most important part in this whole operation, but thankfully you will only need access to the cash dispenser cable, which is located outside the safe, to successfully execute this attack.

By gaining access to the top box of the cash machine, you will be able to bypass the main board communications and disconnect the physical dispenser from the ATM PC core. This is when you attach the periphery device (the black box) directly to the dispenser whereby you can initiate cash dispensing commands.

ATM Black box

The Silent and Lucrative ATM Black Box Attacks

The best part is that you will not leave a trace on the target’s payment terminal as the attack relies on the outputs produced by the ATMs in response to your inputs. Furthermore, you can disable checks that verify legitimate access, as well as other security mechanisms, to go undetected (#winning). The perfect time to do this would be in your lunch break as this will only take you 10 minutes. This leaves more than enough time to treat yourself to a nice meal at Nobu, what with all that extra cash burning a hole in your pocket. The icing on the cake when it comes to ATM black box attacks is that almost 70 per cent of ATMs are vulnerable to them. So that ATM you walk past everyday is most likely a great target (ATM Jackpotting).

If the Kardashians are making money from being famous, then you can make money in an unconventional way, too. Who’s got time for a 9-5 nowadays anyway?

See every known and shadow asset. Prioritize and mitigate risks.
Talk to an expert. It will help you understand how to use Sepio’s patented technology to gain control of your asset risks.


July 14th, 2020