Jump to content

Walmart ATM


Recommended Posts

Hello guys, today I went to Walmart and saw something that caught my attention. The ATM had a little wireless antenna in the back.

Well this is the ATM:

vip994.jpg

Here we can see the back of the ATM with this little wifi antenna:

fvbqeq.jpg

And I believe this should be used instead of the wifi but for some reason it's not connected:

15mnxbl.jpg

Well I didn't knew that ATMS also used wifi, but now I was thinking what would happen if we do a man in the middle attack with the ATM, and change some packets that the ATM receive from their servers. For example telling the ATM that I have money on my account when I really have nothing. Or just steal the credit card info from other people?

What do you guys think about this? Have someone ever done a MITM with an ATM? Dang it sounds really insecure all this ATM technology...

Edited by GnomeProgramming
Link to comment
Share on other sites

The antenna probably isn't for wifi it is likely GSM, it certainly looks like the GSM ones I've got at home and I know that some machines in the US run over GSM. So you can try what you want with 802.11, you won't get anywhere.

But, if you do decide to do any kind of hacking of ATMs then expect to find yourself being locked up. Banks and ATM providers don't tend to look leniently on people trying to hack their stuff. Doing it in, or around Walmart where there are cameras watching everything that goes on is really bad, or, as they say when Joey hacks a bank in Hackers, "Fundamentally stupid".

Link to comment
Share on other sites

I wouldn't even touch a ATM. there wireless is only active when in use if im right. Not to mention that only real way to hack it is to open it and install a back door. there used to be the OLD ATM's that took debugging code that could rewrite what you got. For example. If you wanted 20, it get you 40 and so on. These are, however, not in use for this reason.

Link to comment
Share on other sites

I saw somewhere they use gsm or a proprietary wireless signal to the internet. Gas pumps are the same way, you wouldn't think it would be that secure sending credit card info over the air but they haven't been hacked yet.

Edited by thedeadhand
Link to comment
Share on other sites

I'm looking forward to learn more about this, it sounds really interesting and more difficult than what I tough. But I still think that it's insecure for an ATM to send sensitive information to the air even if it's encrypted, it should have a hardwired connection. But yeah someone need to be really stupid to hack an ATM.

And Mr-Protocol, lets not take this threat in the wrong way, it's all about information. As I said before someone need to be really stupid to try something like this.

Link to comment
Share on other sites

'Over the air' can be intercepted/accessed from the distance, if you are able to break the connection encryption then you wont even need to be in the scene of the 'crime' in theory. And for an attack to a wired connection then you would actually need to some how connect to the same network and if the only option is a wired connection then you would need to wire a machine to the network, witch security cameras or security guards can see. Do you agree? Well that's only my option, I might be wrong and you can correct me.

I'm just getting in to this field, so don't take all my comments as the comments from a professional. Just as a person willing to learn and interested on the field! :) (Also Learning english lol)

Edited by GnomeProgramming
Link to comment
Share on other sites

'Over the air' can be intercepted/accessed from the distance,

if the device is on the internet over a wired connection then it can be accessed from an even further distance

if you are able to break the connection encryption then you wont even need to be in the scene of the 'crime' in theory

If all they are relying on is encryption at the wireless layer to protect their data then they are fools.

And for an attack to a wired connection then you would actually need to some how connect to the same network and if the only option is a wired connection then you would need to wire a machine to the network, witch security cameras or security guards can see.

No, you can be anywhere en-route or if they are sharing a network between the ATM and the rest of the store then if you could pop a box on that network remotely then you are now on the network from anywhere in the world. It is unlikely that they will run a second line to a small store and set up a second ADSL/fibre connection purely for an ATM.

As I've already said, I would guess the antenna is for a celular connection not a 802.11 one which means the barrier for entry to attack the device at the network layer is much higher than basic wifi. I've also seen devices like this which have a modem in and are dialling directly back home rather than using the celular data network, this gives a direct, point to point connection type connection rather than running over IP (OK, probably dropped to IP over the backbone but again, higher barrier to entry).

Both wired and wireless connections have issues and have different types of attacks, you can't just assume that as something is wireless it is easier to attack, it might be, it might not be.

Link to comment
Share on other sites

The only thing you can say for sure is that this machine's network connectivity is easier to disrupt. What happens under those circumstances isn't clear, but you can rest assured they've thought about it, and thought anout it well.

Also note that the sheer act of disrupting GSM is a law breaking offence that can land you in jail. Without having any tangible benefit to you you've already made things difficult for yourself. Digininja is right - best to attack over the internet (assuming it's connected to that, which isn't uncommon, but also not guaranteed) as you stand some chance of covering your tracks.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...