Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Twitter on Ulitzer, Ubuntu Linux Journal

Blog Feed Post

ATMs - Delicious Distributors of Benjamins or The Devil?

We have a saying where I'm from "once you have physical access to a machine, game is over." Well ATMs are thought to be special because they are super secure and physical access is kind of a requirement for them. You would think their manufacturers, providers, customers, someone would demand better security from these literal money machines. Do they?
You decide. Here are a couple pictures that might help you make up your mind:

The first one is courtesy of Rick Deacon (@rickdeaconx on twitter):

I don't know about you but that looks like a Windows blue screen of death. Now I'm not going to go all "anti windowsy" on you here but really? To be perfectly honest I'm not sure I'd trust Linux out there on its own to run what is literally a money machine. I think some sort of purpose built OS that was chip based would be more ideal to running money machines. Eh, what do I know, I only break Windows and Linux machines for a living.

Next up we have my masterpiece, my favorite money machine in the whole wide world, located in a local (to me anyway) eatery:

You might not be able to see it too clearly (I can post a clearer picture later) but yes, yes that IS an antenna sitting there happily as can be on top of it. I thought to myself, "no way they have it hooked to their "free" wifi". Guess what? They totally do. Then I thought, "well it has to be encrypted, right?" It is, if WEP is encryption. Apparently it's some sort of "hey, let us park an ATM here and charge your customers a ton of money in fees" deal. Security is secondary of course because I mean, what could you possibly do with the data an ATM sends back and forth? Probably not much so why protect it?

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.