ATM machines may look fairly secure pieces of hardware but if they are running Windows XP and have a public USB port, they are no good. Researchers have now revealed how hackers used malware-laden USBs to hack into such ATMs to withdraw cash.
Normally, ATMs are not this vulnerable because they don’t run Windows XP, neither do they have a public USB port. That’s because having a public USB port can open up the machine to all kinds of exploits. But then, it would appear that some banks in Germany didn’t care all that much about the security of their ATM machines.
So hackers used a malware to infect one of these ATMs. Once they got inside the machine, they were able to determine the exact amount of money deposited inside it. The interface further allowed them to choose the exact denomination of the bills they wished to withdraw.
Naturally, the hackers went with the highest-valued bills. Interestingly, these hackers used exploits to dispense money out of ATMs and then patched the exploits, so that the bank wouldn’t discover them. This way, they were able to draw out substantial sums of money before the bank finally realized that something was awry.
The hackers also had a mutual fool-proof mechanism, which involved providing a 12-digit code to access the interface and then furnishing a second login code. The second code had to be received from a hacker remote from the location of the ATM. The mechanism, researchers speculated, were meant to stop any single hacker from making off with the money.