Hacked Gadgets Forum

December 1, 2006

ATM PIN Numbers Hacked?

at 5:09 am. Filed under Computer Hacks, What Were They Thinking

You probably remember the Tranax ATM problems. The with the Tranax machines was due to a poor password system. This latest issue is with the security of ATM PIN number for the entire ATM network worldwide!

Here are some papers that have some detailed information about the exploit.
Decimalisation Table Attacks for PIN Cracking (PDF)
API-Level Attacks on Embedded Systems (PDF)

“Researchers who work for an Israeli computer security company say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secret while they are transported across bank networks – a flaw that they say could undermine the entire debit card system.

Using the methods outlined by the researchers, a hacker could siphon off thousands of PIN codes and compromise hundreds of banks, said Odelia Moshe Ostrovsky, the report’s principal author. Criminals could then print phony debit cards and simultaneously withdraw vast amounts of cash using ATMs around the world, she said.

Rarely does the transmission go directly to a consumer’s bank. Instead, it is handed off several times on a banking network run by several third parties. Each time a bank passes the data along, it goes through a switch that contains the hardware security module and the PIN block is unscrambled and then rescrambled. It is at these intermediate points where hackers could trick the machines into divulging PINs, the ARX researchers said.”

Thanks for the tip Mark.