ATM Backdoor… Why is no one talking about this?

Dave G. | September 20th, 2006 | Filed Under: Defenses, Disclosure, New Findings

atm.png

So, two people have sent me two links (YouTube) about this story. Apparently, a man came into a store that had an ATM. He walked up to the ATM with an ATM card (supposedly nothing special about the card, but it wasn’t his), and typed in a magic security code. Supposedly, this code allowed him to reconfigure the ATM machine to believe that it was filled with 5$ bills instead of $20 bills. When you go to withdraw money, you get 4x the expected dollar amount. Of course, the criminal left the machine in that mode, which after 9 days of use, someone finally reported that the machine was giving out too much money to the clerk. Judging from the video, the ATM looks like it is a Tranax Mini Bank 1500 series.

Tranax’s website had this little gem in their knowledgebase:

The ATM is programmed with the passwords that the distributor requests when the order is placed to program a new ATM. When special passwords are not requested they are left at the factory default (see your mini-bank operators manual) Every new ATM that is shipped from Tranax has a copy of the print setup included in the “open me first” box or envelope. The master password is hand written at the top of the print setup for the convienence of the installer.

My questions:

  • ATMs have security codes that allow you to reconfigure the ATM with no one noticing?

  • What other configuration changes can be made?

  • Can these security codes be changed?

  • Is this going to be as bad as the Simplex lock fiasco?

  • How hard is it to get a Mini-Bank Operator’s Manual? Anyone that has one of those can basically reconfigure any ATM where they didn’t change the password. Which probably means MOST Mini-Bank ATMs.

Again from Tranax’s website:

Tranax ATM user manuals and basic training manuals are available for purchase through your Tranax Distributor. ATM software is available for download on the authorized distributor and authorized service provider (ASP) sections of this site. In order to access this section you will need your unique username and password given to you after becoming an authorized distributor or ASP.

I am going to try and do a local news style expose on how easy or hard it is to obtain one of these legally. No I will not be sharing any information with anyone or do anything unlawful with the information.

15 Minutes Later

I am holding in my hands a legitimately obtained copy of the manual. There are a lot of security sensitive things inside of this manual. As promised, it includes:

  • Instructions on how to enter the diagnostic mode

  • Default passwords

  • Default Combinations For the Safe

Update: 9/21/06 3:30AM

Someone was talking about this. I just didn’t hear it. Someone else discussed a methodology they used to find similar issues two days prior to my post. I should know by now to be reading ImmunitySec’s DailyDave mailing list regularly.

Update: 9/21/06 10:50AM

We hate moderating comments. We’re happy to host comments that say this is all an elaborate hoax and that we’re just attention-seekers. But we’ve made a decision not to publish details about where to find this information; we’re already the web’s #1 source for illicit stereo access for Volvo 850’s.

Please don’t post comments explaining how to find the manual. We’ll have to delete them, and we don’t enjoy doing that.

Update: 9/22/06 2:52PM

There is additional commentary on our blog right here.

Viewing 73 Comments

    • ^
    • v
    My initial reaction was that the stories had to be wrong. There is no way that input from the keypad could reprogram the unit, I figured. Silly me.
    • ^
    • v
    Yeah right buddy. *15 minutes later* what a crock of shit. publish it if you actually have it otherwise fuck you!
    • ^
    • v
    LoL to previous comment, but he does have a point
    • ^
    • v
    Tranax ATMs aren't the only ones that have security codes that allow you to reconfigure them.

    The first comment on the article that you linked to said "investigators know the only people with these codes work for armored car services". This statement is totaly untrue, as many ATMs are serviced and replenished by the business they are located in. There are three employees at the place I work, that know what the code is to the one located in the lobby.

    I, personally do not want to know it, as I am the type of person that would want to take advantage of it. Jail isn't any fun, either.
    • ^
    • v
    My friend showed me this hack up in Boston probably 5 years ago. Amazing but true, I saw it with my own eyes. The drawback is that the ATM card swiped to make the change is in the system, so you have to be a bona fide bad actor and use a stolen/borrowed card with the full knowledge that whoever owns it is going to get dinged for this. But still a ridiculous feature and easily circumvented by Ed Felten or others smarter than I... And Diebold says "TRUST US" with their voting machines... heh. :D
    • ^
    • v
    I agree with the comment calling you a crock of shit. Why even write about it if you wont share the info. Its not like youre really stopping anyone dedicated from finding one, youre simply annoying them by saying its extremely easy to find but look elsewhere.
    • ^
    • v
    Ben, "name", I apologize. On behalf of Matasano, I am authorized to offer you your money back.
    • ^
    • v
    The ATM story doesn't surprise me. I briefly worked as an alarm technician. The alarm systems have a default or INSTALLER password for when clients don't want to give their passwords. I was surprised how many people trusted an installer they had never met with their passwords or even used the original default password. Even most vending machines have diagnostic modes that can be accessed by pressing the right button combo or even remotely. My brother made a small fortune retrofitting cigarette machines before they became illegal.

    Most Windows computers are ridiculously easy to reset the motherboard password. I boot all my computers from a server which checks the time on the mobo and refuses to boot the machine if the time is off by more than a few minutes. Sometimes the lithium battery dies and the mobo forgets its settings. Any IT dept. could install security to prevent access if it cared to do so.
    • ^
    • v
    Ben,

    Matasano won't stoop to your level so I will.

    You are an idiot.

    Why? See your above comment.

    I rest my case.

    Josh
    • ^
    • v
    Who cares about the motherboard password? just pull the drive...

    As to codes yes, there was one on youtube. I can do it and it works with all coke machines. Its either 1-3-2-4 or 2-3-4-1 as in, the drink selection buttons, and it drops you into a diagnostic menu where you can see items baught, costs and shit.. I never found out how to get free pop because it was in plain view and meddling with it for more than a few minutes wasnt fun. The change return is ESC if you get nervous and have to log out.
    • ^
    • v
    4231

    http://hackedgadgets.com/2006/06/27/hacking-coc...

    Well it could have been one of four options lol.
    • ^
    • v
    LOL. The guy on Wired found it in a few seconds.
    • ^
    • v
    >> Yeah right buddy. *15 minutes later* what a crock >> of shit. publish it if you actually have it >> otherwise fuck you!

    I second that.

    Or at the very least tell us how you got it.
    • ^
    • v
    cheapdaddy,

    Nice try, but anyone who has actually seen the inside of a PC knows the BIOS password has nothing to do with any installed OS.

    And anyone that has actually worked with PCs (like you pretend to do) knows that you can reset the password (and all other bios settings) by flipping the CMOS Clear jumper, which is clearly labled on most motherboards.
    • ^
    • v
    Yeah! Just because you've published a huge number of papers and in-depth discussions of vulnerabilities isn't any reason for us to believe you actually did this!
    If you aren't going to give us detailed instructions on how to get a copy ourselves then I want my money back too! With interest!

    "Worst Episode Ever"
    -Comicbook guy
    • ^
    • v
    Lol.... Wahhh! You won't give me detailed instructions on how to hack an ATM.

    Grow up you script kiddies and try figuring it out yourself.

    /Go take something apart and learn how it works some time.... and get off my lawn....
    • ^
    • v
    all of you nubs that are saying he didn't do it, and want instructions on how to get the manual are just mad that you don't have it. if you were really worth anything you would stop asking for everything to be handed to you on a silver platter and actually do something for yourself.

    god forgive me for even reading the comments, let alone making a comment myself.
    • ^
    • v
    What you have here is someone familiar with ATM installations. Regardless if it is a TRANAX, TRITON, TIDEL or any of the other models, it is easy to do this.....IF you know the password.

    This is one reason the merchant or installer should NEVER leave the ATM master password at default. This guy can also be an ATM installer.....and has a record of the new passwords that were put in the ATM, therfore making it very easy for him to do this.

    It is unlikely that any buffoon off the street would be doing this.
    • ^
    • v
    I used to work at an Indian casino in the vault. We had 7 ATMs there that I serviced and refilled every night I worked. I knew the codes to all of them and could, if I had wanted to, reprogram the ATMs to think they had any dollar amount in the cassette. All without opening the ATM, just from the keypad.
    • ^
    • v
    This is why hardware-access switches are a must. "What you know plus what you have" is a good rule of thumb. For some machines, such as vending machines where only the money-collector will be doing maintenance, the door-open or door-key-turned sensor can be the switch. In others, such as an ATM, an ATM card unique to the machine or password-that-changes-every-minute code-generator can substitute for a door-opening key.
    • ^
    • v
    Took me about twenty minutes to find it. Unbelievable.
    • ^
    • v
    Holy cow batman:

    Less than 5 minutes.

    I kid thee not :-(
    • ^
    • v
    it took me less than 2 minutes to find a copy of this manual...
    • ^
    • v
    FYI, all of this is not new information, really. These attacks have been around for ages. Similarly, any sort of stationary electronic has been explored similarly. Do a search for videos on hacking programmable construction signs, for a popular one.

    The concepts are simple. Devices need to be configured such that a simple operator can install and/or use them. Manuals are kept on site, default passwords rarely changed (or if they are, are sometimes written inside the operator's panel), and information on how to use the device kept secret as much as possible. Barring this obscurity, the only other real protection has long been a simple lock and the good conscience of regular people.

    Likewise, many curious people have gotten hands on devices like old ATMs and such (illegally or not) and have tinkered and poked at them enough to publish their findings as well. Or just buy an operator some drinks and start asking the questions.

    This is all about as old as phreaking and ATM machines themselves. However, hopefully this publicity changes some policies (corps really only respond to economic pressures...).
    • ^
    • v
    Seems like a lot of huzzah over nothing. I have a friend who was a locksmith for many years. According to him, about half of the people who locked themselves out of their safe (and thus called him) had left the combination set at the factory default. Stupid is what stupid does. Or something like that.

    I wrote software for ATM machines for 6 years, so I have my own perspective on all of this. It's just like any other system which must be a) secure and b) usable by a variety of people. As part of my job I occasionally handled telephone support for ATM owners. Most of them were decent folks. Not too many of them were rocket-scientist types, however. In fact, a sizeable percentage didn't speak enough english to be coached through even simple procedures. So what are the ATM manufacturers going to do? Secure it to the max, but frustrate technologically unsophisticated owners? Well, you COULD do that. Or you could make it simple(r) to user, and provide ADEQUATE security that does, unfortunately, require some extra diligence on the part of the operators. Nothing requiring an engineering degree; just common sense and the ability to read a bold sentence in the manual which says something like "CHANGE THIS PASSWORD". Seems to me to be a little like those notices on an automobile radiator that says "don't stick your hand in this moving fan", or on a gas can that says "warning: this is flammable". But, well.

    There are a lot of ways to be dishonest. This particular scheme isn't really noteworthy except that everybody goes gaga when they hear that an ATM machine is involved.

    The company I worked for had a couple of thousand machines out in the real wicked world, and AFAIK none were ever compromised. We did have several snatched out the front door on the end of a chain dragged behind a pick up truck, though. That was the real-world problem most ATM owners actually worry about (and deal with.)

    Nothing to see here. Move along.
    • ^
    • v
    ixyk:

    I got it in 22 seconds. And 13 of those, I was distracted by a porn link.
    • ^
    • v
    xrayspex: I couldn't possibly disagree with you more, but that's still one of the best comments we've gotten this month. Thanks for writing it.

    You're laying out a microcosm of the whole problem of information security. End-users will not educate themselves about security; they are too busy managing the cooling rods, trying cases in front of the Supreme Court, and repairing gall bladders. So the challenge vendors face is amplified: they can't take the easy route and "secure everything to the max", and they can't leave everything wide open.

    What's left in between? Finesse.

    There's a whole other post you could write about simple mechanisms these ATMs could use that would not substantially increase end-user frustration but would make these attacks a lot less likely. The meta -lesson is that "security usability" is drastically underrated; "security usability" has less to do with human interface design and more to do with security engineering done under heavy constraints.
    • ^
    • v
    • ^
    • v
    For some manufacturers, default master password information is generally available in their user manuals. They put in big warnings that it be changed but of course that isn't always done.

    Here is an obvious google query so I am not posting a URL.

    http://www.google.com/search?q=user-manual+site...

    -Chris
    • ^
    • v
    Of course ATM owners will be stupid and not RTFM.

    Of course ATM users want a system that is easy to use after 15 beers.

    Of course ATM manufacturers don't want to field a buttload of "Duh...I forgot the password" support calls, or lose sales to the other guy who makes a noticeably cheaper box.

    Tom's right -- simple, obvious stuff can still help here:

    One manufacturer makes it so that if the master and admin passwords are identical then the ATM won't do all the good stuff 37337 hax0rs want. Why not also check that the values are not the defaults?

    If the concern is that recovery is impossible if the owner gets hit by a bus, then how about adding $1.50 to the cost of each ATM and storing the values in a module which is inside the "vault"? How about giving the owner the chance to print the passwords (with big letters saying "If you leave this in sight you are an idiot who deserves whatever he gets")?

    How about giving each box random PWs, and supplying a card with what those values are, AND doing any of the above?

    None of these measures is perfect, but any of them is better than shipping a box full of money that can be opened, more or less, by typing "password".
    • ^
    • v
    hm, Kind of worrying, I mean it just seems too easy to get the information.

    I always think that a mixture of physical security and software is needed, e.g. you need a key to add money to the machine, why don't you need a key to enter the setup of it ( + a password), how hard is it to say, enter your key, then enter your password, would also work to have the keyhole positioned away form the screen e.g, on the floor.

    "hello Mr customer, why are you bending down round the back of my ATM, oh you are inserting the security key, I think the police would like to know about that..."

    Surly it can't be that hard to program in a method to make sure that the default password is different for each machine, if wordpress can do it (which they do), why can't a manufacture of ATM's do it?

    oh well, strange how it dosn't surprise me that much...
    • ^
    • v
    Chris W.,
    I'm shocked and appalled at the obvious gall you posess with posting google search links. You and your l0pht ilk have been promoting research and learning for too many years now! When will it all end? Please do better next time and just post: "http://www.google.com" and leave it as an exercise for the expert search geeks.
    • ^
    • v
    So, with regards to xrayspex's quip about safe's and default combinations. In _Surely you must be joking Mr. Feynman_ this is discussed a bit in a chapter on his lockpicking adventures while working on the a bomb. He had found a technique to simplify the notion of guessing a combination on a password, but a new general, locksmith and safe were brought once which no one knew the combo to. The locksmith opened it miraculously, and when Feynman and he later had an exchange trading tricks of the trade, while Feynman had actually been developing some lockpicking techniques, the locksmith just used a default combination which had never been changed.

    By the way just because it's common practice, doesn't mean it's not absolutely wrong and stupid. It's much more a case of 'locks on doors only keep honest people honest' just putting up a show for those who don't care to subvert things, while those who do find it stupifyingly easy.

    Oh, one other nice bit from that chapter - Feynman tried to work with his superiors to get them to switch safes or report the weakness to the safe vendor. Their response? "Keep Feynman away from your safes!" Glad to know smart guys have been slain messengers long before I was born. A great read for this, and many other stories, quite a few of which discuss crappy security in what should've been the highest security facilities in the world at the time.
    • ^
    • v
    To everyone that says this is BS: You're wrong. I too obtained the said manual in less that 15 minutes. About 5. No, I won't post anything for the script kiddies either. I will say that the manual contains very detailed information on the master operator interface, does contain default passwords, the default passwords are what you'd expect to see as defaults (i.e. lame and should be changed immediately), shows detailed info on how to use the keys and what screens should appear, and I would expect that EVERY Tranax machine should be disabled for "service" to update these default passwords so that the script kiddies reading this can't go out and steal a machine's cash. The only thing I can say is at least the guy who pulled this off didn't need to carry a gun.
    • ^
    • v
    How many years in jail if you get caught?
    Could you get a job with at ATM company after you got out?
    Most high tech or IT departments require a background check.
    Just some thoughts.
    • ^
    • v
    grey, you made a mistake about Feynman. All he told people to do was to shut thier filing cabinets when not using them so he couldn't read the number by twiddling the dial.

    The ATM backdoor is an old hack which people didn't care about until it got into the news. I am aware of one ATM (well one ATM location), which has been hacked, stolen, or smashed open so many times things are geting rediculous, but no-one cares.
    • ^
    • v
    Traffic Lisghts are anoth potential target. In Adelaide they are all controlled by an old P2 box sitting under someones desk, linked to the public phone network's fibre connection. at each of the traffic lights is a P1 running a DOS script which controls the lights. THe local units can be over-ridden by commands form the central server (i.e. for the Fire Brigade), and so the units can be hacked by anyone who can connect to the phone network, if they know how.
    • ^
    • v
    Over at 27B Stroke 6, Kevin Poulsen is reporting that Tranax (rhymes with Xanax!) is going to require a PW change in the new firmware rev.

    Who says responsible disclosure doesn't work?

    :^)
    • ^
    • v
    Dave,

    It's really funny for me to read this story. I found a Tranax 1500 manual on the sidewalk outside my apartment, maybe a year ago. No idea how it got there, there's no Tranax ATM anywhere near me; sometimes my life is just like that. I've been waiting for this story to happen ever since.

    And Tom, don't ever change.
    • ^
    • v
    You can't control me!
    • ^
    • v
    My god this is so idiotic its not even funny. I tried to find and almost choked on my soda I was drinking when I had the pdf. file. Then I tried the same theory to another " brand " of ATM and it worked the same.
    • ^
    • v
    Okay, I'm an ATM technician and have experience with these machines, so I'll provide some background on the hack.

    There are three passwords that can be imputted from the keypad:

    1. Operator (guy who fills machine)
    2. Technician (same access with more diagnostic options)
    3. Master (Everything)

    If you want to perform the hack mentioned above, you need the Master password, which is obviously pretty easy to get. I've seen armored car rent-a-cops on $12/hour use the Master passord for simply filling the machine.

    All passwords will give you access to the ATMs electronic journal which shows the last x000 transaction. When you wipe it using the "Clear Journal" option...

    If you're prepared to spend time reprogramming the machine to dispense $20s when it thinks it's dispensing $5s, go ahead. It may make people like the dumb f*cks who run the machines I service start taking things seriously.
    • ^
    • v
    I like the one about traffic lights. Years ago I worked in Beijing for while, on the way from the pub one night I noticed the door to the traffic light controller was unlocked so we switched it off and sat back to watch the fun. Sure enough we were rewarded after a couple oiof minutes.
    Best thing though was the next night it was still unlocked.
    Stupid is as stupid does!
    • ^
    • v
    ATM Tech
    If the thief had used the "clear jounal" option would there be any way to trace who had done this?
    • ^
    • v
    It is hilarious, I found the master password in 5 minutes after skimming through the .pdf, and it's as easy as the coke machine hack.

    Is there a way to make the ATM think you never got any cash out, before it writes your card balance/limit to the card, like the pre-1989/1979 ATM glitch?

    As I understood the manual, clearing the journal just "audited" the entrys, didn't erase them. Is there a way to erase the entrys?

    Can you "load" the bill-transporter, and THEN purge it? Would make for a hell of a way to get money without having to insert a card.
    • ^
    • v
    A nema niekto aj manual pre slovenske bankomaty? :))
    • ^
    • v
    fuck yourself with your pathetic blog and die...

    dont give advices for the machine operators you fool because I cant use these passwords then, I sick of kiddies like you who belive they are big hackers and do social things like this, fuck man...
    you are nothing more than a pathetic [expletive removed], peoples like you screw the internet, thanks.
    • ^
    • v
    You'd better not be talking to me, [wah!]
    • ^
    • v
    yeah then what? I will skin your [wah!] after I [wah wah!] her then I put a shotgun to your [wah wah wah] and rip off your [wah!] head, after that I torture and [wah wah wah wah] your whole family if you open your mouth again [wah!]...
    • ^
    • v
    why are you all so suprised?
    • ^
    • v
    jack, [wah!] your mothers [wah! wah!].
    • ^
    • v
    whoa, that's one clever sonofabitch! lol.
    • ^
    • v
    Hell yes I believe it, in fact the woman who issued me my first VISA card, took me OUT TO THE ATM, and put the card in, and PRESSED THE KEYS to bring up a SPECIAL MENU, in which she ACTIVATED MY VISA.
    • ^
    • v
    @ Chris,

    Yes, you can still get hold of a copy of the TRANSACTION journal from the switch which links the bank's computer to the ATM.

    However, the transaction journal does not include terminal-only entries like power on/off, change of receipt layout or changes to passwords. Dial-up machines like the Minibank only communicate with the switch (and bank's computers) when there is something "interesting" happening, like a request for cash to be dispensed.
    • ^
    • v
    This reality stuff is scary.
    • ^
    • v
    For all those who have "found" the manual. Isn't there a switch that needs to be flipped before you can enter the "Master Password" I serviced many different types of ATM machines, and they all had a service switch/key that was located under a locked hood on the stand alone models or in the rear of the machine on the through the wall modeld. This switch needed to be activated before anyone could go into diagnostic or programming modes. I think there is more to this story that is being left out. Perhaps the armored car company, left the machine in service mode, or the thief did more than just enter a password.
    • ^
    • v
    Wow, I found out for myself. The manual is out there still, but you have to view it as HTML, to get the cached version of it. What a piece of Garbage. I remember seeing the prototype of the Tranax at the BAI trade show in Dallas somewhere around 1999. It's a real Rube Goldberg contraption. I believe this thing was developed in some guys garage. It cannot be compared to the real ATMs that are made by Diebold, NCR, and Fujitsu which are remarkably secure and reliable.
    • ^
    • v
    With everyone wanting to get ahold of the manual now, it raises a question since I received mine in about 2 minutes.

    Am I the only one with access to Google?
    • ^
    • v
    Mmmmm... all of this makes me think of the disaster Diebold has going with their electronic voting machine! If it's electronic you can bet your 'arse' someone can manipulate it.
    • ^
    • v
    you are a fucking stupid arsehole nothing but a typical deadbeat scamming bastard just close this site down Ill report you son of a bitch to the FBI for money laundering and fraud you'll get 10 years
    I have copied this website for proof and have your IP adress and adress details and thats all proof they need to aresst your scamming arse , just a reminder when your in prision dont drop the soap
    • ^
    • v
    I'm so sorry!
    • ^
    • v
    "FBI" needs to take advantage of our public school system before he(she?)makes any sort of legal declarations. "DUH" would be a better handle. :O/
    • ^
    • v
    I work on and program these machines every day.

    There is a fact you are missing. You can program whatever denomination of bill you want into the machine, however the processor the machine dials into and connects to has to have the matching amount programmed in. If it is set at the processor server end to $20, you can enter $5, $10 whatever the hell you want, it still knows it should have $20's in it.

    The average layman or even medium tech aware can do little more than screw the machine up by going into management and playing with settings.
    • ^
    • v
    >What a piece of Garbage. I remember seeing the >prototype of the Tranax at the BAI trade show in >Dallas somewhere around 1999. Itโ€™s a real Rube >Goldberg contraption. I believe this thing was >developed in some guys garage. It cannot be >compared to the real ATMs that are made by Diebold, >NCR, and Fujitsu which are remarkably secure and >reliable.

    The Tranax machine is by far the best 3rd party bank machine made. It is professionally made, well designed and operates flawlessly. We operate a large number of these. I would rather own these than the others you mention, which I have also worked on.
    • ^
    • v
    What is this blog about? I scroll and find a bunch of kids making asinine threats to one another. Are any of you nitwits older then say 13?
    • ^
    • v
    Yes. But not by much.
    • ^
    • v
    this scam works in the UK, but only on the american type ATM's people say this don't work, it does if it was non-reprogramable then it would be useless because what if the time would alter then it would have to be changed back.
    • ^
    • v
    There are strict policies and security procedures regarding ATM installation & operation, which when followed properly make this 100% impossible.

    Unfortunately, the amount of white-label ATM operators who don't follow them is growing. (For example, to enter the secret master keys to connect to the network you are supposed to have TWO separate people enter codes which get mailed to the company in two separate envelopes and they should not be entered at the same time, and they should be destroyed as soon as they are entered.. and companies send one guy to install the ATM all the time, sigh)

    To make matters worse, some of the newer ATMs do allow you to enter a service menu without opening the ATM or doing anything more suspicious than entering a few codes in the keyboard and a numerical password. (Not that opening the ATM for half a second and closing it (say on an MCD-2) is all that difficult to begin with, at least if you're an ATM technician and have master keys.., but seriously, what were people thinking when they removed this?! And the older machines even required you to open it ALL the way up AND flip a switch inside it to enter supervisor mode (MCD-1) )

    The only good news is that only the owner of the stolen card who failed to report it stolen (only someone mental would use their own ATM card) OR the silly ATM owner will incur the losses if you simply reprogram the denomination of bills inside the machine. So this means non-moronic ATM providers and users are perfectly safe.

    PS: Erasing the log only erases it on the machine. The network still has copies of all transactions.
    • ^
    • v
    Alex and ATM guy are both correct. As an ATM tech, there are lots of back-end procedures that keep idiots like you from stealing from an ATM.

    Yes, you can change the denomination at the terminal, but unless it is also changed on the processors end then you'll still be charged the full amount of your withdrawal. Go ahead and put your card in nub.

    And how about this? Instead of feeling like it's your right to scam the IDIOTS who build and run these ATM's, get a job and contribute to society. The only reason we need the type of security currently found on ATM's is because of worthless two-bit hacks such as yourselves.
    • ^
    • v
    ok, just to clarify some of this, i am a head tech for one of the countries largest atm distributors, so allow me to clarifty.

    1) if you change the denomination, yes you get away with it, you do NOT have to make a change at the host as the previous poster suggested (that only applies to surcharge, not to dispensed amount)

    2) all currently manufactured atm's REQUIRE that you change the master password to the atm, the passwords they're using to "hack" these are defaults that the atm's ship at, and for the longest time you didn't have to change them and many people just left them, all current software versions require a password change.

    3) unless you're using a card generator you can get caught very easily doing this, and most people that try this do get caught, it is possible to look at the changes made on the atm, and when you see the denomination changed, then somebody pulls a load of cash, you just track that card number.

    4) there is NOT a magic back door, it's just that most people are lazy and don't want to make any changes they don't have to make.
    • ^
    • v
    Guys, I have worked with Tranax extensively and I can tell you this, it is very easy to reprogram an atm to give out lower denominations than are in it. If you have the password; however, most people do change those passwords but I have found many that are the standard factory default passwords. I'm not sure about the current tranax model but from the 1500 series down you can leave factory passwords in.

    Ok so here is where everyone says great but you have to find one with factory password or know the password to make the demonination changes. True but there is a back door. I wont tell you the specifics but for the service tech that answered above address this one. What is someone clears the NVRam? now the passwords are reset but the master keys still reside within the ATM.

    Thanks,
    • ^
    • v
    Sorry one clarification, this would apply to a visa upgraded ATM but most old ones are visa key pad upgraded. The reason is that the passwords reside in the motherboard and the master keys are now in the visa key pad which means you can reset the mother board independent of the visa master keys.
    Thanks,
    • ^
    • v
    just a quick question, ive heard that wincor now have a sensor that detects any foreign object like a skimmer and shuts down the atm. does anybody know how long it takes for it to detect anything and how can one tell if it has those sensors bcuz i know they are optional.

Trackbacks

close Reblog this comment
Powered by Disqus · Learn more
blog comments powered by Disqus