1、黑客令 ATM 机自动吐钞上周,在美国拉斯韦加斯举行的电脑安全专业大会“黑帽大会”上,一位计算机黑客向观众展示了不用银行卡就能让 ATM 机疯狂吐钞的“绝技”,让现场观众看得目瞪口呆。这位黑客名叫杰克,其实是一位资深的计算机安全研究人员,他花了两年的时间研究各种独立 ATM 机,并找到了这些设备的漏洞。他发现同一厂商制造的同一型号 ATM 机使用的钥匙都是一样的,他在展示时用钥匙打开一台 ATM 里含有标准 USB 装置的部件,插入他自己写的破解程序,然后顺利操控 ATM 电脑,让机器自己吐出钞票。杰克展示的另一种攻击方式则更具威胁性,他是通过网络对 ATM 系统进行远程操控,利用 ATM 厂
2、商与 ATM 机网络连接中的漏洞入侵 ATM 机的电脑系统,不用任何密码便能自如操控 ATM 机。杰克在会上没有深入说明入侵 ATM 方法的具体操作细节,以及涉及的 ATM 厂商。他强调,他“不是在教大家破解 ATM 机 ”,而是要让 ATM 厂商提高警觉。 A hacker has discovered a way to force ATMs to disgorge their cash by hijacking the computers inside them.The attacks demonstrated Wednesday targeted standalone ATMs. But
3、 they could potentially be used against the ATMs operated by mainstream banks.Computer hacker Barnaby Jack spent two years tinkering in his Silicon Valley apartment with ATMs he bought online. These were standalone machines, the type seen in front of convenience stores, rather than the ones in bank
4、branches.His goal was to find ways to take control of ATMs by exploiting weaknesses in the computers that run the machines.He showed off his results here at the Black Hat conference, an annual gathering devoted to exposing the latest computer-security vulnerabilities.His attacks have wide implicatio
5、ns because they affect multiple types of ATMs and exploit weaknesses in software and security measures that are used throughout the industry.Jack, who works as director of security research for Seattle-based IOActive Inc, showed in a theatrical demonstration two ways he can get ATMs to spit out mone
6、y:- He found that the physical keys that came with his machines were the same for all ATMs of that type made by that manufacturer. He figured this out by ordering three ATMs from different manufacturers for a few thousand dollars each. Then he compared the keys he got to pictures of other keys, foun
7、d on the internet.He used his key to unlock a compartment in the ATM that had standard USB slots. He inserted a program he had written into one of them, commanding the ATM to dump its vaults.- He hacked into the machines by exploiting weaknesses in the way ATM makers communicate with the machines ov
8、er the internet. Jack said the problem is that outsiders are permitted to bypass the need for a password. He didnt go into much more detail because he said the goal of his talk “isnt to teach everybody how to hack ATMs. Its to raise the issue and have ATM manufacturers be proactive about implementin
9、g fixes.“The remote style of attack is more dangerous because an attacker doesnt need to open up the ATMs.It allows an attacker to gain full control of the ATMs and not only order it to spit out money, but also to silently harvest card data from anyone who uses the machines. It also affects more tha
10、n just the standalone ATMs vulnerable to the physical attack, and could potentially be used against the kinds of ATMs used by mainstream banks.Jack said he didnt think hed be able to break the ATMs when he first started probing them.Jack said the manufacturers whose machines he studied are deploying software fixes for both vulnerabilities, but added that the prevalence of remote-management software broadly opens up ATMs to hacker attacks.
