Bugtraq mailing list archives
Re: More Vulnerable ATM Models
From: Jacob Appelbaum <jacob () appelbaum net>
Date: Fri, 22 Sep 2006 23:08:45 -0700
Steve wrote:
The entire Triton 9100, and 9700 hundred series of machines are vulnerable to the same default password problem that's been in the news lately in one form or another. More details can be found on my blog, including sources for the relevant manuals. http://hardware.quicksilverscreen.com/more-vulnerable-atm-models-discovered/
These "vulnerabilities" are old hat. Every night club owner in your nearest city knows about these default passwords. It's pretty common to see a change in the messages on the receipts rather than changing the value of the bills. I've heard about people changing the bills as a prank and a nightclub is probably a good place to pull such a "prank" if you're trying to mess with the company in question. Common functions for those that haven't actually messed around with these ATMs (or machines like them) include: A three track magstripe reader that dumps card data to the screen. A nifty printer demo. The ability to change displayed messages on screen and on printouts. Language localization. The ability to change the password. It's also quite easy to actually crash the ATM in the magnetic stripe testing menu section. This is especially crappy for the owner or renter of such a machine if it's built into a wall. Extra points if you can fit your shellcode on a magnetic stripe and get a connect back over the modem. Also in the realm of important default passwords worth alerting the world about: Oregon trail can be won in under 30 minutes if you type the secret password of "boom" during game play!
Current thread:
- More Vulnerable ATM Models Steve (Sep 22)
- Re: More Vulnerable ATM Models Jacob Appelbaum (Sep 25)