Cybercriminals in Russia and Europe have found a weak spot in some ATM machines that allow them to access a vital bus giving them complete control of the unit’s cash dispensing system.
Kaspersky Labs uncovered the hack when an unnamed bank asked the company to investigate what the bank robbers did to one of its ATMs, wrote Kaspersky researcher John Snow. Unlike more sophisticated attacks that use remote code execution to empty an ATM, these guys used the direct approach where they drilled a 1.5-inch hole near the keypad.
The hole is directly above a 10-pin header that connects to a bus that can control all the ATM’s components, including the part that spits out money.
Snow said the Kaspersky team built a small circuit board, costing $15, to control the ATM and used it to make the machine empty its coffers. He added, that a laptop could be configured to handle the job.