Reprogramming Your ATM For Fun And For Profit (Mainly For Profit)

from the not-so-hard-at-all dept

There was some buzz last week after CNN showed a video of an ATM machine that had been programmed to believe it had $5 bills instead of $20s (so any withdrawal actually gave you 4X the money you asked for). The guy who did this just walked in and knew the code to reprogram the ATM. He then left the ATM programmed that way, and the ATM gave a lot of people extra money for nine days before someone pointed out the problem. So how easy would it be for anyone else to do this? Apparently it's ridiculously easy. With a bit of hunting online, it's not too hard to obtain a copy of the manual for the type of ATM machine used, including instructions on how to switch it to diagnostic mode. You do need a password, but the manual lists the typical default passwords that it seems likely many of these ATM owners failed to switch. Hopefully, this new burst of publicity over the issue will encourage owners of the machines to change their passwords -- but if you happen to see certain ATMs with unusually long lines in the near future (and don't mind committing fraud), you might want to withdraw some money.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    kbob88, 21 Sep 2006 @ 10:03am

    Who's at fault?

    If the ATM is owned by a bank, they may be unwilling to go after the customers for the money. It's at least partially their fault, and banks are usually very publicity-shy. They won't want to draw attention to the fact that they screwed up. A bank's primary asset is its image as a secure place to store money after all. An article in the local paper about how their ATM gave away money is not in their best interest.

    If the ATM is owned by someone else (as most of the small ones at convenience stores are), they may have no way of retrieving the money. They'd have to get the individual's contact information from the customers' banks, because all they're likely to have is the account number and the bank's routing/ABA number. The bank, for privacy concerns, may be unwilling to hand over their customers' information (unless subpoenaed).

    Then, what's their claim? The customer asked for $100. The bank authorized them to give out $100. They gave out $200. And can they prove it? The machine's logs all state that it gave out $100! What's their proof that it actually gave out $200? The customer can insist that he received $100, and I'm not sure how the machine owner can prove otherwise. He may have a log from the armored car service that fills the machine showing that they only put $20s in. Then we have the battle of the conflicting logs and the customer's version of events.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.