Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Bank machine reprogramming made easy
Published: 2006-09-20

A bank machine in Virginia Beach has been reprogrammed to dispense four times the money requested, and the simplicity of the procedure has created questions about the security of independent bank machines.

In August a man entered a gas station on Lynnhaven Parkway and proceeded to go through the typical ATM process of inserting his bank card and entering the associated PIN. Unbeknownst to the store attendant, the man had entered the bank machine’s security code and proceeded to reprogram the machine into counting bills dispensed as $5 rather than the $20 bills that were actually being dispensed. The machine was left this way for nine days before someone mentioned the discrepancy to the store clerk.

A video posted on YouTube shows the machine in question, which has been identified by a blog as the Tranax Mini Bank 1500 series. Further investigation into this machine revealed that the password, which allows access to diagnostic mode is set to a default value unless requested otherwise. This default is printed in the manual, along with other sensitive information such as the default combinations for the safe and instructions on entering diagnostic mode.

The man behind the heist has yet to be identified, as a pre-paid bank card was used in the initial withdrawal; Police are investigating the event as a fraud case.

Posted by: Peter Laborge
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus