But any tool can be used for good or ill, so I was fascinated to see this video on one of my favorite blogs demonstrating how an ATM can be hacked with an inexpensive Raspberry Pi board and a USB cable in two minutes and made to spit out cash. The biggest catch:
Before Raspberry Pi can be installed inside an ATM and connected to Ethernet, USB, or RS-232 ports, an attacker needs to open up an ATM enclosure. At the machine’s upper part, there is a service area where the host that manages the ATM’s devices and network hardware, including poorly protected GSM/GPRS modems, are located. Unlike the safe located at the bottom, the upper part is quite easy to access — there is hardly any supervision over it if any. Attackers may open the service area using easy-to-make keys and simple materials at hands.That's a lot easier than driving a truck through the front door and trying to haul away the entire ATM machine! ATMs are so ubiquitous, it will take quite a while to retrofit them all with target hardening security measures. Likely, companies will wait until they've taken losses before justifying that big a security investment.
N.b.: The solution here is decidedly NOT to ban or regulate Raspberry Pis nor to treat computer programmers as some scary security risk. The benefits from free innovation far outweigh the inevitable negative externalities, in the big picture. I mention it merely to note that the nature of crime is changing in the 21st century. Along with thefts of credit card data, these sort of tech-based attacks are a major game changer that most law enforcement agencies find themselves ill-prepared to confront.