Using Dillinger and Scrooge to hack ATMs #BlackHatUSA
LAS VEGAS. Security researcher Barnaby Jack took to the stage at Black Hat and showed how he could 'jackpot' ATMs to get cash.
And guess what? According to Jack, it's Microsoft Windows that bears some of the blame for the way that he can get ATMs to give him cash.
Jack noted that his goal wasn't necessarily to teach people how to defraud ATMs, but rather to highlight insecurities in ATMs.
Jack explained that most ATMs run Microsoft Windows CE on ARM processors and they all tend to have remote updating capabilities. Jack wrote a program called Dillinger to remotely exploit the ATM. Once the ATM is exploited, he has another program called Scrooge, which is a rootkit for the ATM. With those tools, Jack exploited a pair of ATMs live on stage, much to the delight of the massive Black Hat crowd that gathered to see him.