Memo To Banks: In Case You Missed The First Memo, Change Your ATMs' Default Passwords

from the double-the-cash-double-the-fun dept

Last month, we wrote about the story making the rounds showing how easily some ATMs could be reprogrammed and set to dispense more money than they should because banks and ATM owners never bothered to change the machines’ default passwords — passwords which were easily found in the ATMs’ manual online. JimH writes in to point out a story from Bristol, England, where people discovered an ATM dispensing double the amount of money they requested (via The Register). Word quickly traveled around, leading to three-hour lines at the machine, while an identical but properly configured ATM beside it sat unused. Local restaurants, bars and liquor stores said they did a roaring trade as people spent their “free” money — but the bank has a record of all the withdrawals and says it will chase down everyone that took advantage of the broken machine. It’s not clear if the ATM in question was one of the same models discussed last month, or indeed just how the machine came to be misconfigured, but this seems like quite an interesting coincidence. In any case, if you run a bank, it might not be a bad idea to check your ATMs and ensure they’re not still using the default password.


Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Memo To Banks: In Case You Missed The First Memo, Change Your ATMs' Default Passwords”

Subscribe: RSS Leave a comment
25 Comments
Araemo says:

Re: Maybe...

I doubt that. ATM’s are actually fairly well secured. Even if you have the default password, it seems the worst you can do is make it give more money than it should(Sounds bad, but it keeps a perfect record of this, so the banks can hold people accountable).

Diebold voting machines that don’t keep a printed paper trail do not keep any record that can show tampering. Even ones that do keep a paper trail might not show tampering if people can’t read the paper trail at the time of voting (What is the point of a paper trail if it records something different from what buttons you pushed?)

The diebold machines I used last year print a paper ‘receipt’ of your vote that you have to verify(and then tell the machine you verified it) that they show in a glass window. So you can see yes, it really did print out what you told it to before you leave the polls.

Corey says:

Don't know what's worse...

The fact that ATM’s are vulnerable in this way or that people willingly took the extra money dispensed thinking that they won a small lottery prize, further they didn’t even stop to think that the bank has logs of the transactions. I wonder if anyone who was in receipt of extra cash actually notified the branch. — I doubt it.

Shag says:

Re: Don't know what's worse...

Even though they have the records that you withdrew the money, I’m not sure that they can actually go after you.

If a teller accidentally slipped you an extra 50$, how can they go after you for that?

I think that the machine will record the transaction as withdrawing 100$ that you asked for. Not the 200 that it gave you.

Chris says:

ATM fraud persecution is EZ, so long as it's not s

Tellers and computers are completely different in the fact that a computer can never mess up. It can only ever do what it’s told. So if it’s told to dispense 10 bills for $100, instead of 5 bills, then it does. It logs that for $100, 10 $20’s were given. All you do is change the table amount by a multiply factor of 2 and for whatever amount you say you get twice as much. With logs and a nice video camera for surveliance pruposes tracking down all involved in this fiasco probably wont be anything short of simple.

sceptic says:

Re: Stealing is Stealing!

Younger generation? Of course, the older generation set up such beautiful examples through ravaging their corporations at the expense of employees. Please, if you are bitter because you are no longer young, find a better way to deal with it than faulting younger generation with it. I hear BASE jumping is a cure-all.

ebrke says:

Re: As vunerable as the OS?

OS/2 was a great operating system that IBM never knew how to market effectively, whereas MS knew just how to market everything and thereby got the jump on IBM. OS/2 has been moribund for so many years I don’t know if anyone really knows how secure it is in terms of today’s threats, but I would suspect probably pretty secure.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...