Goldilocks and the three ATM attacks

Presented at ToorCon San Diego 20 (2018), Sept. 15, 2018, 4 p.m. (50 minutes).

Automated Teller Machine (ATM) attacks are more sophisticated than ever before. Criminals have upped their game, compromising and manipulating ATM networks, software and other connected infrastructure. Between having a third party manage these machines and ATMs deployed on low-bandwidth links, it’s an inevitable wild-west environment. In this talk I will review three case studies of ATM attacks, showing how they have become more dangerous than ever before.

In this session, I will discuss unknown ATM flaws our pentesting team has uncovered while performing testing, the various ways criminals are attacking ATMs, the many security problems that we have identified with ATM systems, and what can be done to prevent these attacks.

I will review three case studies of ATMs: one where the ATM security was extremely poor; one where the security was very good but the ATM still fell victim to an attack because we discovered a zero-day in the management software; and one where the security was just right, but its specific deployment had some major flaws that ultimately led to an ATM compromise. In this last case, the attackers side-loaded an application and were able to run a criminal ring that led to $7M USD in losses.


Presenters:

  • David Bryan / VideoMan as David Bryan - VideoMan
    David M. N. Bryan is the Global Managing Consultant in charge of Technology with X-Force Red, IBM’s elite security testing team. His responsibilities include establishing standardized tool sets and environments for project delivery, and delivering on pentest projects. David has 17+ years of professional Information Security experience, from being a defender of security at a top ten bank to securing the DEF CON network. David has been a participant in the information security community for 18+ years, first starting out as a DEF CON volunteer (Goon), and is now on the board that runs Thotcon, a Chicago Information Security conference. For the last ten years David has been the attacker in many scenarios as a penetration tester covering network, embedded, wireless, web applications, and physical security. David has presented at BlackHat, DEF CON, ToorCon, LayerOne, ToorCamp, BSides Events, and AppSecUSA. David lives in cold but beautiful Minneapolis, Minnesota.
