
ATM "Hacked" by 14-year Old School Children


16 replies to this topic

#1 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:12:48 PM

Posted 10 June 2014 - 11:55 AM

ATM "Hacked" By 14-year olds
Bank of Montreal ATM "hacked" by two 14-year olds using nothing but online manual

Written By

Casey_boy

June 10, 2014 // 12:30 GMT

Image credit: redspotted

Two fourteen-year-old boys were able to access an ATM's administrator mode using nothing but the default password they found in an online manual.

Although they were not able to access personal details (such as individual account details) or withdraw money, the boys were able to see how much cash was in the machine, how many transactions the machine had handled and other "off-limit" information. As a warning, or a prank, they were also able to change the ATM's welcome message from "Welcome to the BMO ATM" to "Go away. This ATM has been hacked."

After finding the weakness in the ATM's security, the boys reported their findings to the Bank of Montreal's local branch. After initial scepticism, the branch manager acted on the information and reported the flaw to the bank's security department. He even gave the kids a letter to explain why they would be late returning to class.

Although, fortunately, in this case the kids were not malicious and no information or cash was stolen, it is an important reminder to us all to never leave those default passwords unchanged.

Further Reading:

Source: Edmonton Journal

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *



 


#2 zingo156

zingo156

  • BC Advisor
  • 3,345 posts
  • Gender:Male
  • Local time:07:48 AM

Posted 10 June 2014 - 12:01 PM

This article made me LOL a little bit... Default passwords on wireless devices are still very common in retail, but commercial???


Edited by zingo156, 10 June 2014 - 12:10 PM.

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

#3 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,488 posts
  • Gender:Male
  • Location:USA
  • Local time:08:48 AM

Posted 10 June 2014 - 06:02 PM

Seems to happen a lot actually, I seem to recall vending machines getting "broken" by default admin passwords.


If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.
Some important links: BC Forum Rules | Misplaced Malware Logs | BC Tutorials | BC Downloads |
Follow BleepingComputer on: Facebook! | Twitter! | Google+| Come join us on the BleepingComputer Live Chat on Discord too! |

#4 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,429 posts
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:48 PM

Posted 10 June 2014 - 06:26 PM

This is what anybody could do if only they read the instructions. No matter what the electronic product, there is a manual for it, and if read it will give you some great insights into the product. This includes ALL operating systems.

Edited by NickAu1, 10 June 2014 - 06:26 PM.


#5 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,488 posts
  • Gender:Male
  • Location:USA
  • Local time:08:48 AM

Posted 10 June 2014 - 06:30 PM

The problem lies in the fact that the security department of these companies are not reading the manual, especially the page on changing the default admin password that is set from the factory.



#6 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,429 posts
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:48 PM

Posted 10 June 2014 - 06:35 PM

 

The problem lies in the fact that the security department of these companies are not reading the manual,

Probably off playing Candy Crush on Facebook.



#7 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:07:48 PM

Posted 11 June 2014 - 07:40 AM

 

 

The problem lies in the fact that the security department of these companies are not reading the manual,

Probably off playing Candy Crush on Facebook.

 

lol

 

If I'm the customer I may consider changing my bank, damn it. Don't change default password on ATM machine...

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#8 Bluediamond

Bluediamond

  • Members
  • 38 posts
  • Gender:Not Telling
  • Location:NASA
  • Local time:12:48 PM

Posted 11 June 2014 - 08:44 PM

Hack the Planet!!! :smash:



#9 caperjac

caperjac

  • Members
  • 1,649 posts
  • Gender:Male
  • Location:NS. CAN
  • Local time:09:48 AM

Posted 15 June 2014 - 07:07 AM

Same issue, different security. If checked, I am sure we would find that home security and other security companies use a default password [different than the one you use to set it when not home, but can be used to access and change your set password] for their access to the setting up for your home security system.


My answers are my opinion only,usually


#10 mast3r786

mast3r786

  • Members
  • 17 posts

Posted 15 June 2014 - 12:17 PM

that's swak...security sucks ...read.understand.do...what more is there to say

#11 Jeffrey100

Jeffrey100

  • Members
  • 2 posts

Posted 20 June 2014 - 06:05 AM

Is good and ok

#12 tazmania99

tazmania99

  • Members
  • 14 posts
  • Local time:08:48 AM

Posted 07 July 2014 - 12:20 AM

It's considered "hacking"??? I think: "dumbness" of the people in charge ....

ATM's are no more secure!!!

well it never was ....



#13 Casey_boy

Casey_boy

    Bleeping physicist

  • Topic Starter

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:12:48 PM

Posted 07 July 2014 - 03:48 AM

Well, they gained access to a system for which they were not authorised - which is one of the definitions of hacking. Admittedly, it didn't involve what people might generally consider hacking (e.g. SQL exploits) and that's why I used the term in parentheses quotation marks :)

 

@myrti: just... well... ner :P


Edited by Casey_boy, 07 July 2014 - 10:13 AM.



#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:02:48 PM

Posted 07 July 2014 - 08:29 AM

Those are not parentheses, they're quotation marks. :whistle: /captnobvious

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 czarboom

czarboom

  • Members
  • 608 posts
  • Gender:Male
  • Location:Central Texas
  • Local time:07:48 AM

Posted 08 July 2014 - 01:18 AM

All too common.  So common that all big companies like Microsoft offer rewards for this type of stuff.

Healthcare IT is the biggest joke, and concern.  Right now, IT healthcare runs between 2 and 4 yrs behind the curve.  This is due to the FDA and its approval process for all devices. 

 

Former VP Dick Cheney's pacemaker was a WiFi connected device without a password.  Anyone using a cellphone in distance could set the AED off shocking his heart and killing him.

Jack did this and was to display this to BlackHat... but alas he died last week.

Read here.

 

He was the man who got ATMs to spit out cash, among other things.  But the issue with pacemakers was noted in 2009 or so, meaning the hole was closed for Cheney but is still open for others.

 

Bluetooth is worse; using what is known as a Bluetooth Cannon, your range for hitting a target is 150 to 500 feet.

And according to Pop Sci, Google has created a WiFi device that can send and receive from 12 MILES away.... yes miles. 

Google's project is called Project Loon.

 

That being said, these are more and more common and the further we can do this, the further it can be done.... wait is that correct.

 

o well night folks.


CZARBOOM 
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?



