Watch Dogs live. He hacked an ATM using an Android app

At this stage, probably everyone has already heard about the game of the Watch Dogs series of games, in which the hero must use his computer skills to use the environment connected to the global network for his purposes. Gates, doors, traffic lights and even ATMs can be hacked using a smartphone, which is one of the most important sources of cash at the beginning of the game. Many people probably wondered at that moment whether such tricks are possible to use in reality and whether only a smartphone with an Internet connection is enough to cheat an ATM. In reality, however, these machines are very heavily protected both from the software and hardware integration side, and it certainly takes more than a smartphone to break into them. Definitely...

And yet not. A smartphone with NFC is all you need to fool an ATM

ATMs, like all devices, evolve to provide their users with the highest possible comfort. That is why today many machines have NFC pads, to which it is enough to bring a card or phone. That's all Joseph Rodriguez needed, a cybersecurity consultant at IOActive, who decided to check how much it would take to break the security of an ATM and cash register (online POS). As it turned out, thanks to a special application, he was able to send information via NFC that suspended or crashed ATMs and cash registers, changed the value of the transaction (e.g. when paying 50 dollars, one was actually taken from the account) or even forced ATMs to spit out cash . Rodriguez stated in an interview with Wired: "If you coordinate the attacks and send a special file to the ATM software at the same time, you can make it withdraw cash simply by clicking a button in the app."

Joseph came up with his discovery by chance while testing online payment terminals. He noted that most of them do not have security that limits the maximum amount of data that can be accepted. Contactless payments require little, but a specially crafted application is able to generate a much larger data packet, which may cause a buffer overflow and, as a result, force the device to behave unexpectedly. This method of attack has been known for years, and when Joseph discovered that it works, among others, on ATMs, he immediately contacted the manufacturers to update the software of their products. A year has passed since then (the discovery was kept secret to prevent criminals from using this method), but unfortunately, as we know, software updates are not manufacturers' forte. Therefore, it is not known how many of the devices on the market are still vulnerable to this type of attack.

Source