Crooks Extract Cash From ATM Using USB Port, Smartphone

ATMs are giant boxes filled with cash that sit on every street corner. Of course crooks will try to gain access to the money inside, using everything from forklifts to explosives. Here’s one method that you my not have anticipated, though: some savvy crooks gained access to an ATM’s ports and connected a mobile phone to it, planning to make it spit out cash.

Yes, it is theoretically possible to make an ATM spit out cash outside of that one Doctor Who episode. Brian Krebs shared information on the crime in the latest edition of his True ATM Crime Chronicles. (He doesn’t call it that, but maybe he should.) In this attack, the presumed cash mules used a USB-connected circuit board to make the cash-dispensing machinery believe that it was still connected to the ATM’s own computer. Then a remote mastermind hijacked that money machinery through the phone.

NCR, ATM-maker to the world, wanted to publicize this attempted heist to point out to store and banks that whenever possible, they should really consider mounting their ATMs on a wall instead of making them standalone units.

Of course, making an ATM spit out money can also be done using malware, which is why the physical ATM and its software should be secure.

Thieves Jackpot ATMs With ‘Black Box’ Attack [Krebs on Security]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.