Skip to content
March 27, 2014

Hackers use text messaging to make ATMs dispense cash

We’ve seen different ways of how hackers gain control of an ATM to steal money in the past, but Symantec’s blog post reports of a recent method to make ATMs dispense cash and it just involves a text message. They added that one of the main reasons ATMs are easily hacked is because of the use of an outdated Microsoft XP.

ATM_blog_infographic_fig1

According to the post, there’s a 3-step process before the ATM starts spewing cash:

First is when hackers install a Trojan virus called Backdoor.Ploutus.B (referred to simply as Ploutus) unto the computer of the ATM via USB tethering.

When a full two-way connectivity is established, specific SMS command messages from a second phone far away are then sent to the tethered phone. The phone receives the message with the required format and converts it into a network packet, then forwards it to the ATM’s computer through the USB cable.

The embedded Ploutus in the computer starts up and basically commands the ATM to begin dispensing cash, just about the same time an accomplice goes to the ATM to ‘withdraw’ money.

Symantec pointed out a couple of factors that could make ATMs vulnerable to these attacks and one of the main reasons is the present use of an outdated Windows XP. They advised the owners to upgrade to the latest operating system not just for features, but also for security.

To go into the detailed process of how the whole operation is done, head over to Symantec’s blog on the source link.

{Source}

Huawei Ascend Mate & Review

Smart's LockByMobile avoids ATM, credit card fraud

37 Responses to “Hackers use text messaging to make ATMs dispense cash”

  1. jake says:

    ok WTF is this logic? If you can install a USB or Phone inside the ATM? It means you already open the machine, why not just get the cash inside instead?

    Pahihirapan mo pa sarili mo gumawa ng trojan, tapos magtetext ka pa.

    • Miss Call says:

      ;-)

    • cypher says:

      Even if you have access to the atm, it doesnt mean that you have access to the cash because it’s inside the vault. Judging from your comment, you dont know how an atm works.

    • ohhh says:

      this comment gave me brain cancer.

    • jake says:

      @Cypher
      Hindi mo ata naintindihan, kahit may vault pa yan makukuha mo yung vault. Binuksan mo yung machine, meaning walang nakakakita sayo, like cctv, person. If you have a will to open it, you have the guts to get the cash by all means.

      Actually meron video sa youtube, kinuha nila yung vault ng machine within a minute.

      Judging from your comment, your a pessimistic person.

    • tets says:

      you mean nahahack din ang de-susi na vault ng atm?

    • jake says:

      @tets
      Naaawa ako sayo.

    • wew says:

      @Jake wow ang galing mo naman.edi sana kung ok talaga yang idea mo edi d na dapat sila nagpakapagod gumawa ng virus.sa opinyon ko mas maganda ung idea na paggamit nitong trojan,kaysa naman sa sinasabe mong pagkuha ng mismong vault(na mabigat at malaki haha).most likely kayang gawin tong paglalagay ng trojan kung walang gwardiya at cctv ung atm(assuming na hindi siya nakakabit sa banko…ibig sabihin magrerely lng ung atm sa sarili nitong security).kahit may mga tao sa paligid,basta d naman ganun kalapitan magagawa nilang mailagay ung trojan kasi d naman ganun kapansinpansin.kaya nilang magwithdraw ng pera ng hindi napapansin.tska d mapapansin na ninakawan ung atm,atleast by physical means.eh panu kung ung idea mo ang ginawa?kailangan talagang wang halos katotao sa paligid.magiging kapansinpasin din kayu kase d naman kaya ng isang tao lng ung pagkuha ng vault.and last,d mo maitatago ung crime mo ng mahabang oras,kasi halatang kinuha ung vault.eh pag ung trojan,pede cguro mapansin nila pag irereplenish na uli ng pera ung atm,o pedeng d na talaga mapansin.

    • jake says:

      @wew
      Refer to this link.

      https://www.youtube.com/watch?v=IzJam3l7iXE

      Ang dami mong sinasabi. Bobo ka naman

    • cypher says:

      the video you shared shows how a robber works his way into the atm. A hacker would not bomb his way inside the vault. Yun ba gusto mo ipaintindi sa amin?

    • wew says:

      @jake ayun!sabe na eh bobo ka hahaha.d mo binasa comment ko noh?o binasa mo ng ilang beses pero d mo naintindihan kase bobo ka?hahaha ang punto ko,bat ka pa gagamit ng trak,maraming tao,pwersa para manira para magnakaw na alm mong makaiiwan ka ng bakas at malalaman kaagad ng iba na nagnakaw ka?kung pede naman na maglagay ka lng ng trojan,na kung tutuusin puhunan mo lng eh utak mo pati computer pati kuryente para makagawa ka,at makapagnakaw ng limpak-limpak ng walang nakakapansin?2lad ng sinabe ko baka nga d madetect na may nagnakaw sa atm nila…baka nalaman lng nila nang may nakita silang virus sa loob ng computer.ayan po ung punto ko ah,tagalog pa yan.dangbobo mo na pag d mo p naintindihan.

    • jake says:

      @wew
      Nakakaawa ka, sana umayos ang pagiisip mo.

    • wew says:

      @jake talaga lang huh?haha wala ka na bang masabe kaya ganyan na lng nasasabe mo?d mo na madefend ung sinasabe mo?mahina ka pla eh ok sana kung walang halong panlalait ung opinyon mo,walang titira sau.next time kase kung gagamit ka ng panlalait siguraduhin mong tama ka,kakahiya e bobo ka naman pla.

  2. woohoo says:

    inside job to

  3. Jake says:

    Microsoft marketing strategy :)

  4. hindi naman yan hacker, inside job yan hahahaha

    • MrPhabletBulacan says:

      Nagtaka nga din ako, sino ba nakaka access ng usb ng ATM? May usb ports ba mga atm sa Harap? Sloppy banks yan kung na access ng regular people yung parts ng ATM!

  5. raf says:

    they are million of ATM around the globe…90% of them using old version of os they if they purchase OS for atm…microsoft got billion $ money…

  6. pocoloco says:

    wrong grammar na nga inulit pa ung info sa blog.. anebeyen… may masabi lang?

    • patrick says:

      that’s what you call paraphrasing lol. ^_^

    • wew says:

      pota anu ba problmea mo lahat na pinansin mo. eh anung gusto mong gawin nila?magimbento?eh kaya nga may source ibig sabihn may pinaggalingan….malamng talagang mauulit at mauulit.

  7. jake says:

    @wew
    Please refer to this link.

    https://www.youtube.com/watch?v=IzJam3l7iXE

    Ang dami mong sinasabi. Bobo ka naman

  8. BENCHMARK says:

    well I am not really into ATM ok anything…sa idea ko lang, possible na hinde inside job ang pedeng mangyari dyan…pedeng yung mga subcon ng baks na taga ayos ng system ng mga ATM ang pedeng masangkot dyan. I mean, pedeng lagyan lang nila ng virus yung device na gagamitin ng mga bank then if they use it without them knowing the virus, then use it to access the ATM, virus infected na yung machine.

    Well yun lang ang idea ko…hehehehe magulo ata! HAHAHAHA

    Anyway, just be safe na lang mga people.

  9. jake says:

    @wew
    Nakakaawa ka, sana umayos ang pagiisip mo.

  10. jay garcia says:

    Ang weird pa dito, Windows was never really that stable in the first place, bakit ito ginawang OS ng ATM manufacturers? tapos ambilis pa ma outdate. Sana Mac or Linux based nalang. *thinking out loud*

    • wew says:

      @jake debate’s over haha wala k n masabe para madefend mo ung napakawalang kwenta mong punto kaya yan n lng sinasabe mo hahahaha

  11. Phsmash says:

    Inside job yan, cnu b nmang programmer ggawa ng mag install ng malware sa atm sa publiko mliban nlang kung before isalpak sa public ung atm, ska tuwing mag iincash ang empleyado ng banko

    may msabi lng symantec pra bilhin products nla, pti microsoft nkisama nrin pra sa license ng mga OS’s nla dumb

    • wew says:

      mukang d ka mahilig manood ng balita lol may cinacarnap nga n mga sasakyan sa mga matataong lugar e hahaha kung may mga nakakapagnakaw ng vault ng mga atm n mas lubhang kapansinpanshin edi mas lalong madaling gawin to hahahaha

    • Phsmash says:

      may npanuod kna ba sa blita n may nag salpak ng usb drives pra mag lagay ng virus, kung wala tumahimik ka

    • wew says:

      FUCK LOGIC.HAHAHA d ibig sabihin na walang nakikitang balitang ganito sa TV d na nangyayare. tulad ng sinabe ko dun sa nauna kong comments,di lahat ng atm may cctv kaya d lahat may ebidensya. posibleng wala pa talagang nahuhuli na may gumawa nito dahil pedeng hidi nadetect n may nagnanakaw na sa atm,posibleng nalaman lng nila tong trojan nung may nadetect sila sa computer;pedeng ung isang empleyado eh chinecheck ung computer tas may nascan sya na virus…pero nung oras na iniinstall nila at nagnanakaw na sila ng pera d sila nadetect.kuha mo punto ko? BOBO

    • Phsmash says:

      BOBO basahin mo unang comment mo ng sumiksik sa utak mo yang kbobohan mo, pnapaikot mo lng sarili mo sa kbobohan mo, gnamit mo pa ung balita, tas iddefend mo sarili mo ng mali, nkapag aral kba???

    • wew says:

      WOW.so di mo nga talaga gets punto ko.hahahahah hindi po jan ung panonood ng tv ung highlight,ung mismong carnap na news.sinabe ko lng yan na d ka nanonood kase yan ung mga tipo ng balita na laganap sa paligid;kahit sa tv.kuha?hahaha oo naman nakapagaral ako hahaha ikaw ang hinde halaat sa pananalita mo puro ka lng pagmumura wala namang sense mga sinasabe mo haha

    • jake says:

      @wew
      Nakakaawa ka talaga. hahaha!!

    • wew says:

      @jake debate’s over hahaha di na kayang idefend ung wlaang kwenta niyang punto kaya yan na lng nasasabe hahahaha

  12. Phsmash says:

    gmagastos ng malaki ang mga banko sa microsoft at security software, pde nman sila gmamit ng linux software, kung ikkumpara linux is by far ahead of competition thru security, kung may problema man sa security flaw agad nman update nila, simpleng logic lng yan, bat pa sila mag ppartner sa compny na pniperahan lng sila nananakawan pa ng mga hacker, OpenSource lng solusyon jan

Leave a Reply

*
*

Written by

Kevin Francisco is the Senior Editor and Video Producer for YugaTech. He's a Digital Filmmaking graduate, a music junkie, and a superhero by night. Follow him on Twitter for more tech updates @kevincofrancis.

More articles by Kevin Bruce Francisco :