YugaTech | Philippines, Technology News & Reviews



BDO ATM on Command Line

While making a withdrawal at one of the BDO ATMs last night, the screen suddenly popped up showing a command line window. I was able to quickly take a snapshot, below.

While it’s not uncommon to see teller machines on blue screens of death (BSOD), this one is a bit odd to me, as it shows the command line window and FTP instructions to some IP address.

[Image: BDO ATM machine]

I thought it was just a bug, but then after I repeated my initial steps 2 or 3 times, the window did not show up again.

Good thing it didn’t show any passwords in it or something really sensitive. Although it was possible those two guys ahead of me were doing something to the ATM that I just didn’t notice.


26 Responses to “BDO ATM on Command Line”


  1. wh@ replied on Jan 10th, 2009 at 6:48 am (1)

    WHOA!!! IF THAT HAPPENED TO U IT MIGHT HAPPEN TO ME TOO OR EVERYONE USING BDO ATM, SIR ABE. . I’M A BDO ATM HOLDER TOO. . . . I HOPE IT WON’T HARM THEIR ATM SERVICES.

  2. Paul Andrew Pisig replied on Jan 10th, 2009 at 7:07 am (2)

    Yup, that is indeed odd. SCARY!!!

  3. Andre Marcelo-Tanner
    Twitter: kzapkzap
    replied on Jan 10th, 2009 at 8:36 am (3)

    That IP though, I believe, is local and not for internet access, so it might be a batch job or something.
    http://whois.domaintools.com/172.16.16.106

  4. JC John SESE Cuneta replied on Jan 10th, 2009 at 10:11 am (4)

    Probably those two guys were from BDO, their bodyguards went ahead of them (which I believe is against the protocols). I’ve seen a few incidents where the guy or guys who have the “master” card was left alone by their bodyguards because he was “simply” doing a final test run.

    Which is… dangerous. But regardless.. if those two guys ahead of you were not from the bank, then they got hold of a master card/key, or they’re testing their newly created master card/key.

  5. Kenneth
    Twitter: kmendoza
    replied on Jan 10th, 2009 at 11:03 am (5)

    Whoa, that’s scary… I just hope no details or info about your account, or those of the people before and after you, were taken. Can BDO explain this as well?

  6. yuga replied on Jan 10th, 2009 at 12:43 pm (6)

    @JC – it was late in the evening so I don’t think those guys were from BDO.

    @Kenneth – the window popped up for 6 or 7 seconds and disappeared so I wasn’t able to see the whole thing as it scrolled.

    @Andre – I think that batch command should have run in the background but something triggered it to pop up.

  7. Anonymous replied on Jan 10th, 2009 at 2:49 pm (7)

    Don’t worry much, it seems to be just a scheduled task. These ATM machines are on private and secured networks.

  8. kyrios replied on Jan 10th, 2009 at 3:34 pm (8)

    Although I haven’t seen an ATM CLI in action yet, I have encountered an ATM flashing/showing its XP desktop screen.

  9. iMadrid replied on Jan 10th, 2009 at 9:54 pm (9)

    This doesn’t surprise me. BDO’s ATM network is unreliable.

    I have a BDO ATM account. There are countless times that I wasted time falling in line only later to find out that I can’t even access my account. But when I used another bank’s ATM network, I could access it with no problem and get my cash. Thanks a lot BDO for those bank charges. =(

  10. godie replied on Jan 11th, 2009 at 10:36 pm (10)

    What you saw was the “Roll-over”, wherein transaction logs are sent for comparison. This is what they check in case there are reports of incomplete transactions (e.g. transaction time-out errors with no cash dispensed but it debited your account). It probably runs as a scheduled job since the CMD window reads svchost.exe; you can just run the script as a scheduled command like c:\windows\system32\ftp.exe -s:runftp.txt

    Anyway, try the internet banking kiosk at SM-Makati (at the ATM center), you can surf the net and check your mail. LoL. I’m not sure if they reverted my changes to the config there yet, but it should be easy to figure out yourself how to get net. I’ll try to visit it sometime again and check :D

    Finally, a lot of BPI ATMs at Glorieta use wireless radio, this is not the same as WIFI — I pick them up on my laptop without SSID, it’s a high grade version maybe similar to WAN Sync. Still it uses the same principle as a WIFI connection, easy to eavesdrop on.

    BTW even here in my neighborhood, you’ll be amazed how much data floats in the airwaves if you set your WIFI to passive read; IM chats, Skype calls, even open file shares. :D

    So yeah, banks suck in terms of security because they think nobody understands how these things work anyway, but an average script kiddie will do a better job than their software development dept. X_X

  11. Anonymous replied on Jan 11th, 2009 at 11:46 pm (11)

    @godie – banks use encrypted data transmission.

  12. madzman23 replied on Jan 12th, 2009 at 10:40 am (12)

    @Anonymous – we all know that it should have encrypted data transmission, and “IT SHOULD” really have. But I think godie is trying to say that “some” of those banks don’t do it that way, or maybe they forgot it. LOLZ.. Kidding aside, if godie is telling the truth, mobile banking in the country is at very high risk if hackers get to know about this. To think that there are lots of Filipinos who are good in IT, maybe there are some that can break into this.

    @godie – Dude, you should not give that info in public. ^_~

    Well, as I can see in the CLI, it says that it runs svchost.exe. It also connects to a local private IP address. Well, svchost.exe is a double-edged blade that runs on Windows, which can be used as a secured connection or can also be used as a backdoor for hackers. It is also registered as a Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system. So those 2 guys ahead of you, Abe, should be the ones responsible for that, and to think that it was late in the evening, they might have had something to do with it.

    I also have an account in BDO. :(

  13. des replied on Jan 12th, 2009 at 5:04 pm (13)

    Happened to a friend of mine about a couple of years ago, but with a BPI ATM instead.

  14. jox replied on Jan 13th, 2009 at 10:20 am (14)

    It also happened to me at a UCPB machine.

  15. muonlinex replied on Jan 13th, 2009 at 12:39 pm (15)

    Hi to all…

    The command line you see on those ATMs is the scheduled task for uploading the Electronic Journal to the Central office of the bank. This does not affect the transaction or account of the user using the ATM.

  16. noel (work at home dad) replied on Jan 14th, 2009 at 1:38 pm (16)

    It looks like a scheduled job. I think this specific atm is uploading the transactions to a central server. (172.16.16.106 – looks like a private ip addr)

    A look at the file, it seems that the file naming convention includes date/time. (Jan 9, 2009) thus the 090109 in the file name.

  17. sleepy replied on Jan 14th, 2009 at 2:57 pm (17)

    I have actually already encountered this situation… when I changed my PIN..

    And I learned that it’s the new system that BDO set up in that area..

    So, there are times that this command line shows up, but it should be actually fast.. really fast..

    Good you got a snapshot of it, a good idea would be to submit a report to BDO…

  18. edge replied on Jan 14th, 2009 at 10:40 pm (18)

    that’s scary.. Their local network could be vulnerable to attacks if the command prompt would show up confidential information like account numbers or PINs..

  19. kristina replied on Jan 16th, 2009 at 8:59 am (19)

    oh, dear…now I’m beginning to have second thoughts with my BDO ATM and internet banking application…any encouragements? (discouragements?)

  20. juan replied on Jan 17th, 2009 at 1:35 am (20)

    Looks like somebody’s using FTP to transfer some files on the ATM to another computer.

    They should at least have used SFTP so it would be encrypted. Just imagine if someone were able to intercept that network traffic…

  21. BT replied on Jan 17th, 2009 at 3:56 am (21)

    It is a non-routable address (172.16.0.0 – 172.31.255.255), hence a private IP address, and cannot be traced. We should get nervous if the IP address shown there were a public IP. Oh no, then we’d be in trouble. (I’m a BDO fan too. lol)

  22. crates replied on Mar 2nd, 2009 at 9:50 pm (22)

    Hi. Just opened an ATM account with BDO. Wow, that’s really scary.
    Anyway, I have a question.
    For the initial deposit (and the succeeding ones), they give you a receipt, right? Is the number that appears on it the account number? I just noticed that the number on that receipt is the same as the one indicated in the confirmation letter that BDO sent me days after I opened an account. How many digits does the account number there usually have? I was with Metrobank before. Thanks a lot.

  23. jake replied on Apr 27th, 2009 at 5:28 pm (23)

    Oh, do their ATMs have spy cams??

  24. raketeer_mom replied on May 5th, 2009 at 9:48 pm (24)

    I promise myself tonight.. this is going to be my last transaction with any BDO ATM machine. When I made a withdrawal just an hour ago, the screen showed a successful transaction, as in “GET YOUR CASH”, then I waited for minutes, I guess.. and suddenly “temporarily unable to process”… CRAP!!

  25. kait replied on May 19th, 2009 at 11:41 pm (25)

    Someone withdrew 10k from my mom’s PNB ATM account.. She was puzzled because her maintaining balance was gone. So she complained to PNB, and all they told her was that someone had withdrawn at another bank; that was the only info they gave, and then they had her leave her ATM card with them. Is that all there is to it?

  26. huhuhu replied on Jan 27th, 2010 at 4:29 pm (26)

    You’re all idiots.
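
As an added example (not part of the original post or its comments, and not the bank's script): a small Python auditor for the kind of `ftp.exe -s:` command script comment 10 describes, checking the points raised in comments 16, 20 and 21 (private destination address, unencrypted FTP). The script contents, user name, password and file name below are constructed; only the IP address appears on the page.

```python
import ipaddress

# RFC 1918 private ranges; 172.16.0.0/12 spans 172.16.0.0 - 172.31.255.255.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TRANSFER_CMDS = {"put", "send", "mput", "append", "get", "recv", "mget"}

def audit_ftp_script(text, autologin=True):
    # autologin=True models ftp.exe run without -n: the two lines after
    # `open` answer the User and Password prompts.
    report = {"host": None, "rfc1918": None, "password_in_script": False,
              "transfers": [], "findings": []}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        parts = lines[i].split()
        cmd = parts[0].lower()
        if cmd == "open" and len(parts) > 1:
            report["host"] = parts[1]
            try:
                addr = ipaddress.ip_address(parts[1])
                report["rfc1918"] = any(addr in net for net in RFC1918)
            except ValueError:
                report["rfc1918"] = None  # hostname: needs DNS to classify
            if autologin and i + 2 < len(lines):
                report["password_in_script"] = True
                i += 2  # skip the username and password lines
        elif cmd == "user" and len(parts) > 2:
            report["password_in_script"] = True  # `user name password`
        elif cmd in TRANSFER_CMDS and len(parts) > 1:
            report["transfers"].append((cmd, parts[1]))
        i += 1
    if report["host"]:
        report["findings"].append("FTP sends login and file data unencrypted")
    if report["password_in_script"]:
        report["findings"].append("password stored in plain text in script")
    if report["rfc1918"] is False:
        report["findings"].append("destination is a public address")
    return report

# Constructed sample; only the IP address is taken from the page.
SAMPLE = """open 172.16.16.106
atm_user_placeholder
password_placeholder
put journal_090109.txt
bye
"""
if __name__ == "__main__":
    print(audit_ftp_script(SAMPLE))
```

A private destination address only says the transfer stays on an internal network; the login and file contents are still readable by anything that can observe that network segment.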
