ATM Hacked at PHDays III

5/30/2013

Foreign experts in physical information security discovered and demonstrated vulnerabilities in bank equipment at the Positive Hack Days III forum, which was held on May 23 and 24 in Moscow. The contest's ATM contained vulnerabilities, one of which gave access to servicing area without a key. The other vulnerability allowed switching the machine into service mode using a common paper clip.

Later on, a related contest was held at the venue. During a limited period of time the participants were to exploit detected vulnerabilities and reproduce the steps that allowed switching the ATM into service mode.

Mikhail Elizarov, a first-year student from the North Caucasian Federal University (Nevinnomyssk, Stavropol Krai, Russia) was the first to solve the tasks and so he won the contest.

The Positive Hack Days participants traditionally pay attention to bank security issues. Besides the contest related to physical security analysis, the $natch competition was hosted during the forum. The partakers needed to find security errors in a remote banking system. The section "Banking Applications and Cybercrimes: Which will Win?" was also held on the second day of the forum. The moderator was Artyom Sychev, Head of Security Service at Russian Agricultural Bank.