Drill a single hole in an ATM and you can comprehensively pwn it

A presentation by Igor Soumenkov at Kaspersky's Security Analyst Summit reveals the likely method behind a rash of mysterious ATM heists that left behind no evidence of hacking, only a single small hole drilled by the machines' PIN pads: the thieves used the hole to insert a $15 connector that allowed them to hijack the ATMs and order them to spit out all their money.


The 4cm hole exposed a "10-pin header" that provided access to the ATM's main bus, whose encryption flaws were easy to discover. Soumenkov believes the thieves built a simple board out of off-the-shelf parts and connected it to the bus, broke the encryption, and jackpotted the machines.

This attack requires the confluence of two defects: an easily accessible main component, and bad crypto. In theory, the crypto can be fixed with firmware updates, but the hardware bug will be much harder to field update.


It also helped that the ATM operations were also very easy to understand, which allowed them to reverse engineer the ATM's inner workings, and make the ATM bus do whatever they liked. Either way, even if crooks didn't have the technical expertise to reverse-engineer an ATM's protocols, there are plenty of ATM programming guides that have leaked online in the past.

The only downside of this attack was that crooks needed to carry a laptop with them in order to send commands to the ATM via their $15 board.

Seeing that other crooks had no problems using explosives or cars to destroy and break into ATM cases, drilling a hole and connecting a laptop is actually a piece of cake and helps crooks maintain a relatively low profile.

Hackers Empty ATMs by Drilling One Small Hole

[Catalin Cimpanu/Bleeping Computer]


(Image: William Grootonk CC-BY-SA)