Monday, September 25, 2006

ATM Passwords Found Online

Saw this today. I can tell you for a fact that the manufacturer's password is rarely changed.

-KG

Up to 70,000 US cash machines vulnerable.
Andrew Charlesworth, vnunet.com 22 Sep 2006

The manufacturers' passwords for cash machines used widely across the US are available online in an installation manual.

New York-based security researcher Dave Goldsmith, founder and president of penetration testing outfit Matasano Security, pieced together clues from a CNN broadcast and the website of Tranax Technologies, the ATM's manufacturer.

Then he searched for the ATM's installation and maintenance manual online which he said gave him enough information to hijack a Tranax Mini-bank 1500 series ATM if the manufacturer's default passwords had been left unchanged.

"My guess is that most of these mini-bank terminals are sitting around with default passwords untouched," Goldsmith told eWeek.

According to the Tranax website, around 70,000 1500 series ATMs are installed in the US.



Technorati Tags:

No comments: