Bank of Montreal ATM "hacked" by two 14-year olds using nothing but online manual
June 10, 2014 // 12:30 GMT
Image credit: redspotted
Two fourteen year old boys were able to access an ATM's administrator mode using nothing but the default password they found in an online manual.
Although they were not able to access personal details (such as individual account details) or withdraw money, the boys were able to see how much cash was in the machine, how many transactions the machine had handled and other "off-limit" information. As a warning, or a prank, they were also able to change the ATM's welcome message from "Welcome to the BMO ATM" to "Go away. This ATM has been hacked."
After finding the weakness in the ATM's security, the boys reported their findings to the Bank of Montreal's local branch. After initial scepticism, the branch manager acted on the information and reported the flaw to the bank's security department. He even gave the kids a letter to explain why they would be late returning to class.
Although fortunately, in this case, the kids were not malicious and no information or cash was stolen; it is an important reminder to us all to never leave those default passwords unchanged.
Source: Edmonton Journal