Current News

Hackers use Samsung Galaxy S4 to rob ATMs

Hack ATMs with a smartphone

Hackers have discovered a way to hack certain types of ATMs using a fresh-out of-the-box Samsung Galaxy S4, according to Hackread. It just requires a simple set of commands, the right type of ATM, and a chip physically inserted into the machine.

The new hack is an evolution of a “black box” attack, which is a type of ATM fraud where the perpetrators physically break into the top of the ATM. Once the ATM is open, the crooks then disconnect the ATM’s cash dispenser from the machine’s central computer and connect their own device. From there, the thieves can issue their own commands, including the order to dispense cash.

A new type of attack takes the black box attacks one step further.

No honor among thieves

A recent attack outlined by the site Krebs on Security found that these particular black box attacks added a USB-based circuit board, connected to the ATM’s internal processor. Krebs is still investigating, but he believes that the circuit board was meant to fool the ATM’s core into thinking it was still connected to the processor, overriding possible alarms, which would trigger a lockdown of the system and alert the ATM’s owners.

“They didn’t have to do this [to get away with the money] but our guess is they thought this component would buy them some time,” Charlie Harrow, solutions manager for global security at NCR, the manufacturer of the ATMs in question said.

The crooks then used a virgin smartphone, specifically a Samsung Galaxy S4, although presumably other devices could be used as well as long as they have comparable processing power. The smartphone was then attached to the ATM and used as a conduit to send commands to the ATM to dispense cash.

The ATM could then be hacked remotely at almost any time by the person with the smartphone. Given that the crooks would need to be nearby to grab the dispensed cash, the reason for this may come down to control.

“There is no honor among thieves, and these guys will delegate responsibility,” Harrow stated. “That way, you have the Mr. Big back at the hideout who’s sending the commands, and the mules are the ones at the ATMs. So the mule who has the black box is unable to activate the attack unless he gets the command from the Mr. Big, and the mobile phone is the best way to do that.”

Increased ATM security is needed

There are, multiple ways to hack and ATM. The phone itself is just a device that can issue the commands to an ATM that fool it into dispensing cash. A few months back, a hacker in Tennessee discovered a specific set of key commands that makes the ATM think it is dispensing $1 bills, when it is actually releasing $20s.

That hack specifically targeted machines manufactured by Trident and Tranx Technologies. The new attacks with a smartphone targeted machines built by NCR.

To its credit, NCR is warning customers that plan to deploy ATMs in unmonitored areas to consider wall mounting the units as opposed to stand alone machines. NCR also issued a recent patch that improves the encryption of its ATM cores.

The improvements will help, but there will always be hackers and thieves out there that find a way around the safeguards.

“All things considered, this is a pretty cheap attack,” Harrow said. “If you know the right commands to send, it’s relatively simple to do. That’s why better authentication needs to be there.”

Comments

comments

Founder and DBP boss. Ryan likes the Kansas Jayhawks, long walks on the beach, and high fiving unsuspecting people.
5 Comments
  1. BRAVO May 28, 2015 at 1:04 am

    Hack and take money directly from any ATM Machine Vault with the use of ATM Programmed Card which runs in automatic mode. email ([email protected]) or call +2347038566755 for how to get it and its cost.

    ………. EXPLANATION OF HOW THESE CARD WORKS……….

    You just slot in these card into any ATM Machine and it will automatically bring up a MENU of 1st VAULT #1,000, 2nd VAULT #5,000, RE-PROGRAMMED, EXIT, CANCEL. Just click on either of the VAULTS, and it will take you to another SUB-MENU of ALL, OTHERS, EXIT, CANCEL. Just click on others and type in the amount you wish to withdraw from the ATM and you have it cashed instantly… Done.

    ***NOTE: DON’T EVER MAKE THE MISTAKE OF CLICKING THE “ALL” OPTION. BECAUSE IT WILL TAKE OUT ALL THE AMOUNT OF THE SELECTED VAULT. To get the card call +2347038566755 or email ([email protected])…

    Reply
  2. Harold June 14, 2015 at 11:01 am

    I am Mr. prince Harold , i want to use this medium to thank Marce who helped me with an already hacked ATM CARD and i was so poor without funds that i got frustrated. One morning as i was browsing on the internet, i saw different comments of people testifying of how Marce helped him from being poor to a rich man through this already hacked ATM CARD. I was skeptical if this was true, i decided to contact one of the people giving this testimony to see proof before i contact this hackers, and they proved to me beyond all doubts that its was really for real so i urgently contacted the email {[email protected]}, and today am also testifying on how Marce helped me. I never believed in it until the card was sent to me, which am using today Contact the company now and become rich. Email: [email protected]

    Reply
  3. Mr Baker June 23, 2015 at 1:34 pm

    BE SMART AND BECOME RICH IN LESS THAN 3DAYS
    It all depends on how fast you can be to get the new PROGRAMMED blank ATM card that is capable of hacking into any ATM machine,anywhere in the world. I got to know about this BLANK ATM CARD when I was searching for job online about a month ago..It has really changed my life for good and now I can say I’m rich and I can never be poor again. The least money I get in a day with it is about $50,000.(fifty thousand USD) Every now and then I keeping pumping money into my account. Though is illegal,there is no risk of being caught ,because it has been programmed in such a way that it is not traceable,it also has a technique that makes it impossible for the CCTVs to detect you..For details on how to get yours today, email the hackers on :[email protected] Tell your loved once too, and start to live large. That’s the simple testimony of how my life changed for good…Love you all …the email address again is :[email protected]

    Reply
  4. Kelvin July 23, 2015 at 8:39 am

    I am Kelvin from, USA and life has been so difficult for me ever since the death of my Wife, i tried all i could to make sure i feed my family but things seems to get worse by the day. One Faithful day after i came back from church, i was chatting with my Mum on the Internet when i came across a comment of How Mr. Smith Greg, the Director of the H.A.C organization helped her with a hacked ATM card. I doubted it because it sounds too easy, two days later, i came across another comment by Jessica Roberts commenting of how the the same man helped her with the same hacked card. But still i wanted to be sure, so i contacted Jessica Roberts and she told me that this was real. I had no choice than to give it a try by sending a mail to the organization, few seconds later i got a response demanding for my information which i did sent to him. He told me that i have nothing to be scared of that i will have my card withing three days, thou i still doubted him while waiting for a positive response from the hackers, but to my greatest surprise i got a call from the courier stating that i send them my address to enable them deliver my card which i also did, and two days later i received the hacked card and i was also given the pin. I went to the ATM machine to see if it really works i inserted the card and to my greatest surprise, i made a withdrawal of $5000.00 United Stated Dollars until i was able to withdraw the sum of $500.000.00 Usd. Please thou this is illegal but if you need this same card without losing any thing, contact the email below: {[email protected]}

    Reply
  5. Eliot Snel January 29, 2019 at 4:38 pm

    Ik ben de heer Eliot Snel, ik wil dit medium gebruiken om de heer Van Alfons te bedanken die me heeft geholpen met een van zijn witte kaarten. Voordat ik zo arm was zonder geld totdat ik zijn e-mail op het net zag. En vandaag getuig ik ook van hoe hij me hielp. Ik geloof het nooit totdat ik ook maar één blanco kaart heb aangevraagd. Ze hebben me de kaart gestuurd die ik vandaag gebruik als je het blanco kaartcontact met de pinautomaat wilt aanvragen ([email protected]) Bedankt.

    Reply

Leave a reply