NFC flaws let researchers hack an ATM by waving a phone
Enlarge (credit: Chalongrat Chuvaree | Getty Images)
For years, security researchers and cybercriminals have hacked ATMs by using all possible avenues to their innards, from opening a front panel and sticking a thumb drive into a USB port to drilling a hole that exposes internal wiring. Now, one researcher has found a collection of bugs that allow him to hack ATMs-along with a wide variety of point-of-sale terminals-in a new way: with a wave of his phone over a contactless credit card reader.
Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader-rather than swipe or insert it-to make a payment or extract money from a cash machine. You can find them on countless retail store and restaurant counters, vending machines, taxis, and parking meters around the globe.
Read 12 remaining paragraphs | Comments