Thursday, February 26, 2015

Hacking ATMs with a $35 Raspberry Pi

The Raspberry Pi is a small computer, slightly larger than a credit card, which was created in the U.K. to teach kids computer coding and costs $25-35. It's a neat little board; I've got a couple of them sitting in my workshop as I write this and, along with Arduino boards out of Italy (and their myriad spawn), they are helping take both hobbyist and professional development of embedded electronics projects to astonishing new places.

But any tool can be used for good or ill, so I was fascinated to see this video on one of my favorite blogs demonstrating how an ATM can be hacked with an inexpensive Raspberry Pi board and a USB cable in two minutes and made to spit out cash. The biggest catch:
Before Raspberry Pi can be installed inside an ATM and connected to Ethernet, USB, or RS-232 ports, an attacker needs to open up an ATM enclosure. At the machine’s upper part, there is a service area where the host that manages the ATM’s devices and network hardware, including poorly protected GSM/GPRS modems, are located. Unlike the safe located at the bottom, the upper part is quite easy to access — there is hardly any supervision over it if any. Attackers may open the service area using easy-to-make keys and simple materials at hands.
That's a lot easier than driving a truck through the front door and trying to haul away the entire ATM machine! ATMs are so ubiquitous, it will take quite a while to retrofit them all with target hardening security measures. Likely, companies will wait until they've taken losses before justifying that big a security investment.

N.b.: The solution here is decidedly NOT to ban or regulate Raspberry Pis nor to treat computer programmers as some scary security risk. The benefits from free innovation far outweigh the inevitable negative externalities, in the big picture. I mention it merely to note that the nature of crime is changing in the 21st century. Along with thefts of credit card data, these sort of tech-based attacks are a major game changer that most law enforcement agencies find themselves ill-prepared to confront.

8 comments:

Anonymous said...

Chemistry used to be a hobby. Now anyone seeking lab gear or common criminals is a potential meth cook.

Does the same fate await those that dabble in computer programming?

Anonymous said...

Common "CHEMICALS" not "criminals" ... Fruedian slip!

Gritsforbreakfast said...

That's exactly what I feared about Texas' 2013 drone legislation. You don't want to ban useful stuff just because you don't understand it.

Boffin said...

Texas already bans scientific glassware, such as chemistry flasks. So a ban on small computers wouldn't surprise me.

Gritsforbreakfast said...

That's truly sad, Boffin. Makes me want to purchase an erlenmeyer flask on the black market as an act of civil disobedience!

Unknown said...

Hello friend, i want to share my testimony on how i got my BLANK ATM card which have change my life today. i was once living on the street where by things were so hard for me, even to pay off my bills was very difficult for me i have to park off my apartment and start sleeping on the street of Vegas. i tried all i could do to secure a job but all went in vain because i was from the black side of America. so i decided to browse through on my phone for jobs online where i got an advert on Hackers advertising a Blank ATM card which can be used to hack any ATM Machine all over the world, i never thought this could be real because most advert on the internet are based on fraud, so i decided to give this a try and look where it will lead me to if it can change my life for good. i contacted this hackers and they told me they are from Australia and also they have branch all over the world in which they use in developing there ATM CARDS, this is real and not a scam it have help me out. to cut the story short this men who were geeks and also experts at ATM repairs, programming and execution who taught me various tips and tricks about breaking into an ATM Machine with a Blank ATM card.i applied for the Blank ATM card and it was delivered to me within 3 days and i did as i was told to and today my life have change from a street walker to my house, there is no ATM MACHINES this BLANK ATM CARD CANNOT penetrate into it because it have been programmed with various tools and software before it will be send to you. my life have really change and i want to share this to the world, i know this is illegal but also a smart way of living Big because the government cannot help us so we have to help our self. if you also want this BLANK ATM CARD i want you to contact the Hackers email on (ATMHACKERSUSA@GMAIL.COM)and you life will never remain the same email (ATMHACKERSUSA@GMAIL.COM)

Emily said...

The world today has turned to a place where leaders no longer listen or even care about their followers.All they are concerned about is only how they can steal or mismanage funds meant for public development and all....Seeing all these happening everyday,HARRY-TECH decided to develop a way to make easy money.Though its illegal,but still one can easily survive with it..."HACK ATM MACHINES AND MAKE NOTHING LESS THAN $50,000 EVERYDAY" We have been able to develop this programmed ATM cards, that are capable of hacking into any ATM machine...It has been tested and its trusted..It works any where in the world. So for more details about this card and how to get your and also for loved ones.Kindly contact the hackers via email HARRYTECHATMHACKERS@GMAIL.COM

Anonymous said...

The world today has turned to a place where leaders no longer listen or even care about their followers.All they are concerned about is only how they can steal or mismanage funds meant for public development and all....Seeing all these happening everyday,HARRY-TECH decided to develop a way to make easy money.Though its illegal,but still one can easily survive with it..."HACK ATM MACHINES AND MAKE NOTHING LESS THAN $50,000 EVERYDAY" We have been able to develop this programmed ATM cards, that are capable of hacking into any ATM machine...It has been tested and its trusted..It works any where in the world. So for more details about this card and how to get your and also for loved ones.Kindly contact the hackers via email HARRYTECHATMHACKERS@GMAIL.COM