In what looks like a scene from a movie, the BBC has published a video showing a cash machine handing out piles of cash after being hacked.
In the video, the hackers (researchers from computer security firm Kaspersky) entered a couple of codes on the keypad before being presented with the cash. Thankfully, this can’t be done on any ATM; it has to have been tampered with in the first place (so physical access to the machine is required in the first place), but nevertheless, represents a worrying flaw in their security.
The hack doesn’t actually remove the money from a customer’s account, it simply gets the cash machine to hand out the notes, up to 40 at a time, from its cassettes. As mentioned, it relies on someone tampering with the machine and installing malware which sits on the ATM until required. The malware is pretty sneaky at avoiding detection; it is only active at a certain time at night, and requires the hacker to know the algorithm required to activate the hack, so you couldn’t stumble across the right code by accident.
Here’s Kaspersky demonstrating the ATM hack in action:
- £20m Stolen From UK Bank Accounts Thanks To Malware (October 14, 2015)
- HSBC Launches Talking Cash Machines (May 10, 2017)
- Monzo For Android Devices (May 25, 2016)
- New Features For Monzo; Friend Payments, Security & More (November 16, 2016)
- Interactive Tool To Help You Fight Fraud (November 28, 2014)