New research shows that hackers are turning to a new, more low-tech ways to steal money out of ATMs, Wired reported.
The ATM-emptying attack, which cybersecurity researchers at Kaspersky said uses a precise method of physical access, only requires a portable power drill and a $15 homemade gadget that digitally triggers the ATM’s cash dispenser.
“We wanted to know: To what extent can you control the internals of the ATM with one drilled hole and one connected wire? It turns out we can do anything with it,” Kaspersky researcher Igor Soumenkov, who presented the findings at the Kaspersky Analyst Summit, explained. “The dispenser will obey and dispense money, and it can all be done with a very simple microcomputer.”
What’s typically left behind in these attacks is a completely empty ATM and a golf-ball sized hole next to the machine’s PIN pad.
After first seeing an instance of this specific type of ATM attack last fall, Kaspersky began to investigate and eventually discovered more than a dozen similar heists had also taken place.
Though Kaspersky has yet to release the name of the ATM manufacturer or the banks that have been impacted, Wired noted that the machines have been widely used since the 1990s.
The manufacturer has been alerted to the attack techniques, but unfortunately there is no simple fix for the vulnerability. Kaspersky researchers said addressing the issue would require replacing the hardware in the ATMs in order to add increased authentication methods. If that doesn’t work, the next step would be to add physical measures such as access controls and surveillance.
U.K. police have warned the public about a new fraud threat at the local ATM: tiny cameras drilled into London ATMs.
According to The Telegraph, the cameras are so well-hidden that it would be extremely difficult for bank customers to locate them. The tiny pinhole cameras are hidden by a false casing on the machine and can film people putting in their PIN numbers.
So far, there have been four reports of these cameras at cashpoints (ATMs) in London, and authorities are warning that there could be more.