• 14-Year-Olds hack Bank of Montreal ATM
[img]http://media.zuza.com/e/0/e04e841b-8e45-40df-920e-2c7ab65411ed/f3e7cf374665becd6475d216330e_Content.jpg[/img] [QUOTE]A Winnipeg BMO branch got an unlikely security tip from two 14-year-olds when the pair managed to get into an ATM's operating system during their lunch break last Wednesday. The Grade 9 students, Matthew Hewlett and Caleb Turon, used an ATM operators' manual they found online to get into the administrator mode of an ATM at a Safeway grocery store. They saw how much money was in the machine, how many transactions there had been and other information usually off-limits for the average bank customer. "We thought it would be fun to try it, but we were not expecting it to work," Hewlett told the Winnipeg Sun. "When it did, it asked for a password." They managed to crack the password on the first try, a result of BMO’s machine [B]using one of the factory default passwords that had apparently never been changed.[/B] [...] The teens even changed the machine’s greeting from "Welcome to the BMO ATM" to "Go away. This ATM has been hacked." [...] Ralph Marranca, a spokesperson for BMO’s head office, said no customer information was exposed when Turon and Hewlett probed the ATM's system. He did not immediately respond to questions from Postmedia News about what steps the bank is taking to ensure security at its thousands of ATMs across the country.[/QUOTE] [url]http://www.edmontonjournal.com/news/year+olds+hack+using+manual+found+online/9921271/story.html[/url]
I didn't know hacking was successfully guessing passwords.
[QUOTE]They managed to crack the password on the first try, a result of BMO’s machine using one of the factory default passwords that had apparently never been changed.[/QUOTE] I'm pretty sure that's the bank's fault for never changing the password.
Time to go ATM hopping to see which ones are using default passwords. Maybe I can get a reward for informing them of the exploit?
Didn't they do this in Terminator 2?
What a delightful opening picture for a thread from my city
[QUOTE=The Calzone;45049709]I didn't know hacking was successfully guessing passwords.[/QUOTE] Yep. Hacking is just gaining unauthorized access to a system or account.
[QUOTE=The Calzone;45049709]I didn't know hacking was successfully guessing passwords.[/QUOTE] 98% of "hacking" is social engineering. No one spends years brute-forcing passwords.
It's the fault of watch_dogs for teaching kids to hack. Someone sue Ubisoft.
[QUOTE=Aw3s0m3n3ss;45049716]I'm pretty sure that's the bank's fault for never changing the password.[/QUOTE] You'd be surprised how often default accounts and passwords are still active in bigger systems. Even in really sensitive systems.
[QUOTE]The teens even changed the machine’s greeting from "Welcome to the BMO ATM" to "Go away. This ATM has been hacked."[/QUOTE] heh
watch puppies
[QUOTE=thermobaric;45049764]It's the fault of watch_dogs for teaching kids to hack. Someone sue Ubisoft.[/QUOTE] teaching kids to hold Q or connect pipes.
[QUOTE=G-Strogg;45049761]98% of "hacking" is social engineering. No one spends years brute-forcing passwords.[/QUOTE] Most of my work consists of finding flaws in encryptions and reverse engineering. Sometimes a few fun stunts thrown in like gaining full access. But only in White hat interests. Having the processing power to bruteforce only becomes useful once you know how to limit and cut down the possible entropy.
[QUOTE=The Calzone;45049709]I didn't know hacking was successfully guessing passwords.[/QUOTE] Hacking is getting otherwise restricted access through one method or another. Don't be a semantics sperg. It's a 14 year old kid.
The fun part is that once you've got this you're pretty much set, because it means that whoever deployed the ATMs did a bad job at it, most likely everywhere, and it's not like they can be easily remotely updated. They won't be able to easily withdraw money from this without writing software to do it and somehow loading it onto the ATM (say, USB), but someone who knows how will do this eventually (has been done in the past) :v:
[quote]Go away. This ATM has been hacked.[/quote] I'll lose my shit, if I ever encounter an ATM saying that.
[QUOTE=The Calzone;45049709]I didn't know hacking was successfully guessing passwords.[/QUOTE] It is hacking, they gained unauthorised access to a system. That is pretty much the definition of hacking.
[QUOTE=Jsm;45049944]That is pretty much the definition of hacking.[/QUOTE] It is nowadays, hardly a "hack" though in my eyes
[QUOTE=djjkxbox360;45049958]It is nowadays, hardly a "hack" though in my eyes[/QUOTE] Just because 14 year olds did it doesn't make it not a hack, no matter what "timeframe" you talk about it in
:v: who knew that watch dogs could make your 14 year old kids hack a bank
[QUOTE=Map in a box;45049974]Just because 14 year olds did it doesn't make it not a hack, no matter what "timeframe" you talk about it in[/QUOTE] Not about who did it, it's how you do it. Hacking used to refer to reverse engineering things, brute forcing, using exploits. Now it's just guessing passwords
[QUOTE=djjkxbox360;45049958]It is nowadays, hardly a "hack" though in my eyes[/QUOTE] No, it is the literal dictionary definition of the word hacking. It is hacking. [editline]9th June 2014[/editline] [QUOTE=djjkxbox360;45050028]Not about who did it, it's how you do it. Hacking used to be having to reverse engineering things, brute forcing, using exploits. Now it's just guessing passwords[/QUOTE] No it didn't, hacking has always been gaining unauthorised access to a system. It doesn't matter how it's done. If I sneak into an office and access a system through an unsecured computer, that system has technically been hacked.
[QUOTE=djjkxbox360;45049958]It is nowadays, hardly a "hack" though in my eyes[/QUOTE] Nowadays? It's always been like that when talking about security.
"Always" in your lifetime. Leaving the thread in 3...2...1
[QUOTE=Lord Fear;45049791]You'd be surprised how often default accounts and passwords are still active in bigger systems. Even in really sensitive systems.[/QUOTE] wasn't one of NORAD's really important codes 00000000 or something equally terrible for like 5 years? It was so the higher ups wouldn't forget it or something stupid.
[QUOTE=djjkxbox360;45050078]"Always" in your lifetime. Leaving the thread in 3...2...1[/QUOTE] [QUOTE]1976, reputedly a usage that evolved at Massachusetts Institute of Technology (however an MIT student from the late 1960s recalls hack (n.) being used then and there in the general sense of "creative prank,"[/QUOTE] [url]http://www.etymonline.com/index.php?term=hacker[/url] The term has been fairly broad for a long time.
[QUOTE=Empty_Shadow;45050127]wasn't one of NORAD's really important codes 00000000 or something equally terrible for like 5 years? It was so the higher ups wouldn't forget it or something stupid.[/QUOTE] that would be the missile launch system and basically it was congress or some shit was like "u guys need a password", but stratcom was like "no we don't our current system works fine" then congress said "password or you're fired", so stratcom just said "ok password is 0000000"
[QUOTE=djjkxbox360;45050078]"Always" in your lifetime. Leaving the thread in 3...2...1[/QUOTE] "Look at how wrong I am!" It's a shame that the companies that install and configure these machines don't have better practices. I guarantee that this problem isn't limited to ATMs
[QUOTE=The Calzone;45049709]I didn't know hacking was successfully guessing passwords.[/QUOTE] that is probably because your understanding of hacking comes from movies