Turning automated teller machines into your personal piggy bank is easy—alarmingly easy. That’s the message of Barnaby Jack, a software-cracking whiz turned digital-security researcher. He has demonstrated his hacking prowess at events like DefCon, coaxing ATMs into spitting out wads of cash in less than a minute using scripting know-how, a few simple tools, and some Googling. Here’s his method.
1. Scout a Target
You want locales without video surveillance—think bars, not banks. Once you know the machine’s make and model, a quick web search can readily yield hardware specs, operators’ manuals … sometimes even online access.
2. Craft Your Code
This is the tricky bit. You’ll need to roll your own malware to override the manufacturer’s firmware. But buck up—online user guides explain the ATM’s OS, which is often primitive. “It’s 1999-level technology,” Jack says.
3. Break In
When no one’s looking, pop open the control-panel hatch with a paper clip or bobby pin. “The locks on ATMs are the same types that protect toilet paper in a public lavatory,” Jack says. (Master keys can also be purchased online.)
4. Upload the Malware
Insert a thumb drive or SD card into the ATM’s main board. It will assume it’s getting a system upgrade. And voilá—pwnd. Set up your own key sequence that gives you access (and cash) whenever you want.