ATM Security Flaws The Latest Threat To Worry About

from the oh-great dept

If basic identity theft threats weren’t worrying you already, MSNBC has a nice report on a potentially big security hole in the ATM system, basically pointing out that there are points on the network where PIN information is unencrypted and could be grabbed. It’s not necessarily easy to do, but it is possible and highlights how previous claims about the security of ATM networks aren’t actually true. The article quotes a bunch of financial service folks claiming that it’s really no big deal, that they’ve known about this issue for a while, the hole will be closed soon and it’s highly unlikely anyone would actually be able to use this. Except, of course, MSNBC notes that the Secret Service has already found plenty of discussions among Russian organized crime groups who have been working hard to break ATM security in order to create cloned ATM/debit cards and drain people’s accounts. The end result is that it sounds like this is a serious weakness, but one not easy to exploit. Russian organized crime groups are working on it, though, so it would seem that no matter how small the risk is, it certainly sounds like something financial institutions should pay attention to. The risk is always small until someone breaks in — but by then it’s often too late.


Comments on “ATM Security Flaws The Latest Threat To Worry About”

misanthropic humanist says:

Fake ATM's coming to your town

The security is getting weaker in the UK because of the banks’ policies. They don’t like ATMs. They don’t like cash money and would abolish it in a stroke if they were able. They are far too “expensive” to run. I know this because I’ve spoken directly with people involved in making these policies. The current direction is to allow the ATM business to be privatised.

In England today you can find hundreds of thousands of privately owned and run ATMs. You get them in the poorest areas where they are installed in bookies (gambling houses), next to off licenses and on streets where the drug trade is known to be high. Don’t take my word, come here and see it for yourself. Aside from the criminally complicit lack of morality demonstrated you will find they charge you a “fee” for having access to your own money, about $2 per withdrawal.

Now, all this would be easy enough to swallow if you were a cold hearted social-Darwinist, but nobody has stopped to think about the obvious security implications (or maybe they have and it’s part of the plan to undermine confidence in cash money).

Basically anybody can run one of these things, any fly-by-night crook can obtain one. Shops and bars that run them come and go. So if you are in a pub in a dodgy suburb of Manchester and you go to use a “cash machine” what makes you so sure it’s run by a trustworthy business? You have no assurance whatsoever. Anyone could modify or construct a plausible looking cash machine that skimmed the PIN and account info.

Of course the banks have never taken security seriously. There’s two reasons for this. Firstly they have such obscene quantities of money they can afford to ignore even massive frauds and write it off as leakage. Secondly they are in a business that requires absolutely no accountability to their customers.

Chris says:

Re: Fake ATM's coming to your town

Shows how much you know. There was a Bank of America that got closed down in my neighborhood because their security was too lax. The government shut them down because the government insures them. It’s funny how they do their job when it’s their insurance money on the line.

Anonymous Coward says:

Fool me once, ...

The thing that bothers me about this is the revelation that past statements I remember from the banking industry were apparently false: the public claim that once the PIN was encrypted at the ATM it could only be decrypted at the issuing bank (not by every Tom, Dick, and Harry network switch middle man in between).

Also, does it bother anyone that the hardware security modules (HSMs) that process PINs are made by companies like Hewlett Packard with a history of spying on people?

dustin says:

C'mon guys...

I can’t tell you how many PINs I’ve had access to in the past few years. Pay attention when you’re standing in line at Seven-Eleven or pumping gas. Almost everyone who uses the touchpad to input their PINs doesn’t even think to hide their number; I can easily see what they’re typing. Don’t believe me? Go try it on your lunch break, you’ll see.

Just because a ‘possible’ flaw is pointed out doesn’t mean the world of banking is coming to an end. No system is ever going to be fool-proof; if someone wants something bad enough, they’ll get it. The only difference between the normal guy and the victim is a little common sense.

Paul says:

Better Yet

My first post. But just think of this. Fake machine. One that reads all the data off your card, pulls your PIN. Then it gives you a message of technical difficulties. Then a couple of weeks down the road, someone takes off with your money. Would you remember where that ATM was or even that you tried to use it?

Ken Dunckel (user link) says:

Astonished at number of Lightweight ATMs Used

There are still an astonishing number of lightweight lobby model ATMs installed in what amount to unsupervised outdoor locations.

Astonishing because of the speed with which they can be neatly and discreetly forced open without much more than a cordless drill motor.

Astonishing because of the cash levels they often contain.

Astonishing because so few thieves have yet to learn to drill them instead of trying to uproot them and drag them off.

My guess is that this sort of theft will increase nationwide in the next 12-24 months.
Ken Dunckel
Safecracker CA License #001985
