GnomeProgramming Posted July 15, 2014 Share Posted July 15, 2014 (edited) Hello guys, today I went to Walmart and saw something that caught my attention. The ATM had a little wireless antenna in the back. Well this is the ATM: Here we can see the back of the ATM with this little wifi antenna: And I believe this should be used instead of the wifi but for some reason it's not connected: Well I didn't knew that ATMS also used wifi, but now I was thinking what would happen if we do a man in the middle attack with the ATM, and change some packets that the ATM receive from their servers. For example telling the ATM that I have money on my account when I really have nothing. Or just steal the credit card info from other people? What do you guys think about this? Have someone ever done a MITM with an ATM? Dang it sounds really insecure all this ATM technology... Edited July 19, 2014 by GnomeProgramming Quote Link to comment Share on other sites More sharing options...
digininja Posted July 15, 2014 Share Posted July 15, 2014 The antenna probably isn't for wifi it is likely GSM, it certainly looks like the GSM ones I've got at home and I know that some machines in the US run over GSM. So you can try what you want with 802.11, you won't get anywhere. But, if you do decide to do any kind of hacking of ATMs then expect to find yourself being locked up. Banks and ATM providers don't tend to look leniently on people trying to hack their stuff. Doing it in, or around Walmart where there are cameras watching everything that goes on is really bad, or, as they say when Joey hacks a bank in Hackers, "Fundamentally stupid". Quote Link to comment Share on other sites More sharing options...
super-6-1 Posted July 15, 2014 Share Posted July 15, 2014 I wouldn't even touch a ATM. there wireless is only active when in use if im right. Not to mention that only real way to hack it is to open it and install a back door. there used to be the OLD ATM's that took debugging code that could rewrite what you got. For example. If you wanted 20, it get you 40 and so on. These are, however, not in use for this reason. Quote Link to comment Share on other sites More sharing options...
thedeadhand Posted July 15, 2014 Share Posted July 15, 2014 (edited) I saw somewhere they use gsm or a proprietary wireless signal to the internet. Gas pumps are the same way, you wouldn't think it would be that secure sending credit card info over the air but they haven't been hacked yet. Edited July 15, 2014 by thedeadhand Quote Link to comment Share on other sites More sharing options...
Computer_Security Posted July 15, 2014 Share Posted July 15, 2014 If you want to know about hacking ATM's watch barnaby jack because this is what he was known for ( He was also known for hacking insulin pumps ) here he is at blackhat.... https://www.youtube.com/watch?v=Ss_RWctTARU and here is his wiki.... http://en.wikipedia.org/wiki/Barnaby_Jack Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted July 15, 2014 Share Posted July 15, 2014 Let's not condone doing any illegal activities. Quote Link to comment Share on other sites More sharing options...
GnomeProgramming Posted July 19, 2014 Author Share Posted July 19, 2014 I'm looking forward to learn more about this, it sounds really interesting and more difficult than what I tough. But I still think that it's insecure for an ATM to send sensitive information to the air even if it's encrypted, it should have a hardwired connection. But yeah someone need to be really stupid to hack an ATM. And Mr-Protocol, lets not take this threat in the wrong way, it's all about information. As I said before someone need to be really stupid to try something like this. Quote Link to comment Share on other sites More sharing options...
digininja Posted July 19, 2014 Share Posted July 19, 2014 Without saying "because it is", please give your reasons for why you think over the air is less safe than a wired connection. Quote Link to comment Share on other sites More sharing options...
GnomeProgramming Posted July 19, 2014 Author Share Posted July 19, 2014 (edited) 'Over the air' can be intercepted/accessed from the distance, if you are able to break the connection encryption then you wont even need to be in the scene of the 'crime' in theory. And for an attack to a wired connection then you would actually need to some how connect to the same network and if the only option is a wired connection then you would need to wire a machine to the network, witch security cameras or security guards can see. Do you agree? Well that's only my option, I might be wrong and you can correct me. I'm just getting in to this field, so don't take all my comments as the comments from a professional. Just as a person willing to learn and interested on the field! :) (Also Learning english lol) Edited July 19, 2014 by GnomeProgramming Quote Link to comment Share on other sites More sharing options...
digininja Posted July 19, 2014 Share Posted July 19, 2014 'Over the air' can be intercepted/accessed from the distance, if the device is on the internet over a wired connection then it can be accessed from an even further distance if you are able to break the connection encryption then you wont even need to be in the scene of the 'crime' in theory If all they are relying on is encryption at the wireless layer to protect their data then they are fools. And for an attack to a wired connection then you would actually need to some how connect to the same network and if the only option is a wired connection then you would need to wire a machine to the network, witch security cameras or security guards can see. No, you can be anywhere en-route or if they are sharing a network between the ATM and the rest of the store then if you could pop a box on that network remotely then you are now on the network from anywhere in the world. It is unlikely that they will run a second line to a small store and set up a second ADSL/fibre connection purely for an ATM. As I've already said, I would guess the antenna is for a celular connection not a 802.11 one which means the barrier for entry to attack the device at the network layer is much higher than basic wifi. I've also seen devices like this which have a modem in and are dialling directly back home rather than using the celular data network, this gives a direct, point to point connection type connection rather than running over IP (OK, probably dropped to IP over the backbone but again, higher barrier to entry). Both wired and wireless connections have issues and have different types of attacks, you can't just assume that as something is wireless it is easier to attack, it might be, it might not be. Quote Link to comment Share on other sites More sharing options...
cooper Posted July 20, 2014 Share Posted July 20, 2014 The only thing you can say for sure is that this machine's network connectivity is easier to disrupt. What happens under those circumstances isn't clear, but you can rest assured they've thought about it, and thought anout it well. Also note that the sheer act of disrupting GSM is a law breaking offence that can land you in jail. Without having any tangible benefit to you you've already made things difficult for yourself. Digininja is right - best to attack over the internet (assuming it's connected to that, which isn't uncommon, but also not guaranteed) as you stand some chance of covering your tracks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.