Logo
  • PHP
    • HipHop / HHVM
    • Modern PHP
    • PHPStorm
    • LAMP
    • Laravel
    • Composer
    • PDO
  • JavaScript
    • node.js
    • AngularJS
  • CSS
    • SASS
    • “CSS4” (CSS level 4)
  • HTML
  • Git
  • LAMP
  • Vagrant
  • UI / UX
  • Architecture of …
  • Off-Topic
With ♥ from Berlin
January 4, 2014
Chris
Security
Comments Off on Hacking ATMs – A conference talk about the current security state of Windows XP driven cash machines

Hacking ATMs – A conference talk about the current security state of Windows XP driven cash machines

PreviousNext

A few days ago the 30th edition of Germany’s Chaos Communication Congress took place, a high-profile event for IT-security and net-culture related topics. Started 30 years ago (!), this once-tiny super-nerd event has reached (positive) mainstream (media) popularity, and as usual the talks are really really good. Did I mention Julian Assange (Wikileaks) and Sarah Harrison (who made Snowden’s escape possible) took part ? But more on that in another post.

The most interesting talk I’ve currently seen is this one: “Electronic Bank Robberies – Stealing Money from ATMs with Malware” by two anonymous speakers. The topic and the way the criminals take is not new, and that’s the point: Even in late 2013 most ATMs use Windows XP (!) as the host operating system [1][2][3][4]. Yes, casual Windows XP (not a special version or something), which will officially reach End of Life on April 8th 2014. No more bugfixes, even for possible hard security bugs. It’s okay, as XP is now 14 years old, and people who still use a 14 years old Windows version (in IT-years, that’s like 100 years) in 2014 are simply a little bit retarted and have obviously absolutly no IT skills, but changing the OS of 100.000s+ ATMs all over the globe might be a little bit more difficult. In fact that’s a big topic in the bank scene.

Anyway, the talk shows how easy it is to break into a Windows XP by cutting into the ATM and plugging an USB stick onto the printer port, which holds a special software giving the attackers full control over the ATM’s system (and that’s possible on up-to-date Windows XPs !). To be fair, we have to realize that this is not possible for the average guy. The attackers need to have very detailed insights on the way ATM software works, and so it’s an inside-job.

By the way, there’s a nice explaination for this: The costs of updating and security-improving ATMs is much much higher than replacing stolen funds by criminal takeovers. So for banks, the risk is calculateable. As there are only a few hacks per year, this is a clear optimization of costs vs. benefits.

 

http://www.youtube.com/watch?v=0c08EYv4N5A

 

 

atmhackssecuritywindows xp
Share this

Creators of Laravel launch one-click-installations of Laravel (including nginx, PHP 5.5 etc.)

Again, a game changer: Taylor Otwell, creator of Laravel (which is currently the most popular PHP framework), has released FORGE

php

12 tools for better PHP quality

Nice selection of 12 tools every PHP developer should bookmark. I totally love how the PHP community becomes some kind

Frontend Ops Conf 2014 – Keynote by Alex Sexton: “Front End Operations”

https://www.youtube.com/watch?v=7HGe8zZ1G6k

Berlin, prepare for TOA conference (15th – 17th of July)

If you are in Berlin right now (and have 80-300 € to spend and 2-3 days of holidays (or “spontanious

php uk conference

Slides & talks from PHP UK Conference 2014

The slides of most of PHP UK CONFERENCE 2014‘s talks are online, very interesting stuff, have a look. And a

php

Slides from International PHP Conference 2014

Have fun :)   [slideshare id=35391362&doc=codereviewsfranksonsipc2014se-140602104917-phpapp02]     [slideshare id=35383348&doc=ipc14se-planningfortheunplannable-140602073028-phpapp02]   [pdf]http://ilia.ws/files/ipc2014_bottlenecks.pdf[/pdf]   The talk Code Coverage: Covered in Depth

First look on Gitter, the chat for GitHub

GitHub has definitly become the #1 platform for git-based public repositories on the planet, no question. The site offers excellent

mod-rewrite-ubuntu-14-04-lts

How to install / setup PHP 5.5.x on Ubuntu 12.04 LTS

Please note: This works fine. But this package will also upgrade your apache to version 2.4 which has different config

laracon-2014-eu-amsterdam

Laracon 2013 – Kapil Verma: Engineering Complex Applications with Laravel 4 (40min video)

More videos of 2013’s and 2014’s Laracon events from US and EU on their Youtube channel.

You made a mess with Git ? Here’s a flowchart guideline on how to fix

Extremely useful. Originally created by Justin Hileman in the presentation Changing History, or How to Git pretty. You’ll also find

1/4

Categories

Search

Install MINI in 30 seconds inside Ubuntu 14.04 LTS
node.js
PayPal drops Java, goes node.js / JavaScript
Ghost
[FREE SERVER PROMO] Install GHOST for free on a free SSD server with this coupon
How to fix the ugly font rendering in Google Chrome
set up a local virtual machine for development with vagrant and puphpet / puppet (and ubuntu, linux, php, apache, mysql)
A list of downloadable Vagrant boxes (CentOS 5.9 / 6.4, Ubuntu 12 / 13, Debian 6 / 7 / 7.1 / 7.2)
Compare 250+ cloud server plans with Cloud Cost Calculator
phpstorm-8
When PHPStorm’s cache eats up your harddisk space
Symfony devs: Creator of Symfony framework is hiring (Cologne, Germany)!
harper reed about big data
Harper Reed – The magic and mystery of Big Data (30min video from Webstock’15)
mod-rewrite-ubuntu-14-04-lts
Which server OS version to choose ? Some EOL lists of Debian, Ubuntu and CentOS
php
Is there a JSFiddle for PHP ? Yes !
html6
Is this the first HTML6 specification?
php uk conference
Profiling PHP Applications by Bastian Hofmann (video from PHP UK Conference 2014)
set up a local virtual machine for development with vagrant and puphpet / puppet (and ubuntu, linux, php, apache, mysql)
A super-simple pre-configured Vagrant box with HipHop, Hack and Hack code examples
redaktionelle-hochlastseiten
Hochlastseiten mit PHP, MySQL und Apache am Beispiel stern.de (deutscher Artikel)

Tags

apache bash centos composer conference coupon CSS debian fonts framework git GitHub hack HHVM HipHop HTML HTML5 IDE JavaScript JS LAMP laravel linux mod_rewrite MVC MySQL Nginx optimization PHP PHP 5.5 PHP 5.6 phpmyadmin PHPStorm security server SSD Ubuntu UI UX vagrant video virtual machine voucher VPS wordpress
Side-Project: Wordle-Solver:
www.wordle-helper.info

Pages

  • Privacy Policy