The Register is reporting a story about people that are reprogramming ATM machines to dispense four times the amount of money you request.
Last week CNN screened a video (already 87k views) of a man suspected of reprogramming an ATM to dispense $20 bills that it thought were $5 notes, so fraudsters and the unscrupulous were able to withdraw four times more money than was debited from their accounts.
The suspect used a pre-paid debit card to make withdrawals, making it harder for police to track him down.
The hack was far from sophisticated. Security researchers have discovered that ATM manuals for the Tranax Mini-Bank 1500 Series, the machine involved in the Virginia scam, can be easily located online using nothing more fancy than a Google search query, eWeek reports. These manuals explain how to switch ATMs into diagnostic mode, where its possible to reprogram ATMs in the way carried out in the Florida gas-station hack, for example.
Would-be fraudsters would still need a PIN code in order to be able to access functions normally only available to installation engineers but the manual lists typical factory-set default passwords.
Here’s a copy of the manual in case you want to change the default password and prevent someone from committing this fraud.
Entering Key Management requires two 6-digit passwords. By default these will be
“000000†for part #1 and “000000†for part #2.
The ATM uses three passwords to provide security to the operator menu system. These are Operator, Service and Master.
* Operator Password (allows access to basic menu structure)
* Service Password (allows access to basic and diagnostic menus)
* Master Password (allows access to all menus including setup parameters)
The operator password can be changed by anyone with the current operator password. The service and operator passwords can be changed by anyone with the service password. The master password can only be changed by someone with the current master password. Any password can be changed using the master password.
To change a password, press the button for the appropriate password and you will be prompted to enter the “current†password. After entering the current password you will be prompted to enter the new password and then enter it a second time to verify. If you forget your password please contact your dealer or distributor for service.
Wired News says:
“If we can make them change this default password, the security will be infinitely greater,” said Hansup Kwon, CEO of California-based Tranax Technologies.
Also, check here for a list of other ATMs and their default passwords.
Popularity: 22% [?]