We all know ATMs. Right? You see them on the street or at your corner Bodega. Or inside a mini-mall. If you think about it (or don’t) an ATM is just a large object filled with money. If you live in New York City, chances are you’ve seen some schemer kicking the crap out of an ATM, trying to cause the machine to unleash all of the money inside. I mean, that was also the subplot of the 2002 movie Barbershop.
As recently reported in Wired, it turns out that some safecrackers have the uncanny ability to unlock an ATM in minutes… without leaving a trace. No muss. No fuss. Hello, world of unlocked money.
The ease which safecrackers can unlock an ATM was discussed earlier this month at the Def Con hacker conference in Las Vegas. Here’s what security researcher, Mike Davis, presented:
- There are several different techniques to crack three different types of Kaba Mas high-security electronic combination locks sold by Dormakaba, a Swiss lock company. Davis unearthed these methods during two-and-a-half years of safecracking research on several safe locks sold by the company.
- These locks are not only sold worldwide by the millions to secure ATMs but also to locales that include the Department of Defense facilities.
- Davis could open the majority of these locks in five minutes or under… using nothing more than an oscilloscope and a laptop.
- The only physical trace Davis’ safecracking techniques left was the disappearance of all the cash inside the ATM. Bye-bye, money.
Don’t try this at home, but here’s how it works: an oscilloscope measures the voltage of the components being touched via simple metal pins which are inserted into a port on the lock’s side of an ATM. What follows is some power analysis.
“We’ve identified a design flaw, a pattern we’ve been able to leverage in almost every model of the lock,” Davis told Wired. “We basically know everything the lock knows and can generate a combination to unlock the safe.”
Davis stated that hacking into an ATM certainly isn’t a smoking gun. But as long as there are “things,” there will be those who want to hack into “them”—and some succeed.
Need examples? Here are a few everyday tech items that have been easily hacked into.
Baby Monitors: A man hacked into a Houston couple’s baby monitor and used the occasion to shout, as ABC News put it, “lewd comments.” The parents were alarmed when they heard a strange man’s voice coming from their two-year-old daughter’s room; he was calling her an “effing moron.”
Refrigerators: You never thought your refrigerator would be used against you, did you? This is a problem with the Internet of Things; devices that are hooked to the web and have passwords are prone to being hacked. Users make it easy for hackers when their home appliances aren’t set up properly. Basically, don’t use the word “password” as your password or the default password that came with the device.
Smart TVs: When hackers break into your Smart TV, it becomes like that old Yakov Smirnoff joke, “In America, people watch TV. In Russia, TV watches you.” But in this case, it’s your Smart TV allowing hackers to watch you.
Again, part of a hacker’s mission, besides yelling obscenities over a baby monitor, is to inform the world how unsecure our everyday devices are, so security can be improved.
In the case of ATM locks, Davis concluded: “This should tell the world how secure these locks actually are—without having to pretend that the emperor has clothes.”