While making a withdrawal at one of the BDO ATMs last night, the screen suddenly popped up showing a command line window. I was able to quickly take the snapshot below.
While it’s not uncommon to see teller machines on blue screens of death (BSOD), this one is a bit odd to me as it shows the command line window and FTP instructions to some IP address.
I thought it was just a bug, but then after I repeated my initial steps 2 or 3 times, the window did not show up again.
Good thing it didn’t show any passwords in it or something really sensitive. Although it was possible those two guys ahead of me were doing something to the ATM that I just didn’t notice.
looks like somebody’s using ftp to transfer some files on the atm to another computer.
They should at least have used SFTP so it would be encrypted. Just imagine if someone were able to intercept that network traffic…
oh, dear…now I’m beginning to have second thoughts with my BDO ATM and internet banking application…any encouragements? (discouragements?)
that’s scary.. Their local network could be vulnerable to attacks if the command prompt would show up confidential information like account numbers or PINs..
I have actually already encountered this situation… when I changed my PIN..
And I learned that it’s the new system that BDO set up in that area..
So, there are times that this command line shows up, but it should be actually fast.. really fast..
Good you got a snapshot of it, a good idea would be to submit a report to BDO…
It looks like a scheduled job. I think this specific atm is uploading the transactions to a central server. (172.16.16.106 – looks like a private ip addr)
A look at the file, it seems that the file naming convention includes date/time. (Jan 9, 2009) thus the 090109 in the file name.
Hi to all…
The command line you see in those ATMs is the task schedule for uploading the Electronic Journal to the central office of the bank. This does not affect the transaction or account of the user using the ATM.
It also happened to me at a UCPB machine.
Happened to a friend of mine about a couple of years ago, but with a BPI ATM instead.
@Anonymous – we all know that it should have encrypted data transmission and “IT SHOULD” really have. But I think godie is trying to say that “some” of those banks don’t do it that way, or maybe they forgot it. LOLZ.. Kidding aside, if godie is telling the truth, mobile banking in the country is at a very high risk if hackers get to know about this. To think that there are lots of Filipinos who are good in IT, maybe there are some that can break into this.
@godie – Dude, you should not give that info in public. ^_~
Well, as I can see in the CLI, it tells that it runs svchost.exe. It also connects to a local private IP address. Well, svchost.exe is a double-edged blade that runs on Windows which can be used as a secured connection or it can also be used as a backdoor way for hackers. It is also registered as a Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system. So those 2 guys ahead of you, Abe, should be the ones responsible for that, and to think that it was late in the evening, they might have had something to do with it.
I also have an account in BDO. :(
@godie – banks use encrypted data transmission.
What you saw was the “Roll-over”, wherein transaction logs are sent for comparison. This is what they check in case there are reports of incomplete transactions (e.g. transaction time-out errors with no cash dispensed but it debited your account). It probably runs as a scheduled job since the CMD window reads svchost.exe; you can just run the script as a scheduled command like c:\windows\system32\ftp.exe -s:runftp.txt
Anyway, try the internet banking kiosk at SM-Makati (at the ATM center), you can surf the net and check your mail. LoL. I’m not sure if they reverted my changes to the config there yet, but it should be easy to figure out yourself how to get net. I’ll try to visit it sometime again and check :D
Finally, a lot of BPI ATMs at Glorieta use wireless radio, this is not the same as WIFI; I pick them up on my laptop without SSID, it’s a high grade version maybe similar to WAN Sync. Still it uses the same principle of WIFI connection, easy to eavesdrop on.
BTW even here at my neighborhood, you’ll be amazed how much data floats in the airwaves if you set your WIFI to passive read; IM chats, skype calls, even open file shares. :D
So yeah, banks suck in terms of security because they think nobody understood how these things work anyway but an average script kiddie will do a better job than their software development dept. X_X
This doesn’t surprise me. BDO’s ATM network is unreliable.
I have a BDO ATM account. There are countless times that I wasted time falling in line only to find out later that I can’t even access my account. But when I used another bank’s ATM network, I could access it with no problem and get my cash. Thanks a lot BDO for those bank charges. =(
Although I haven’t seen an ATM CLI in action yet, I have encountered an ATM flashing/showing its XP desktop screen.
Don’t worry much, it seems to be just a scheduled task. These ATM machines are on private and secured networks.
@JC – it was late in the evening so I don’t think those guys were from BDO.
@Kenneth – the window popped up for 6 or 7 seconds and disappeared so I wasn’t able to see the whole thing as it scrolled.
@Andre – I think that batch command should have run in the background but something triggered it to pop up.
Woah, that’s scary… I just hope no details or info were taken about your account and those of the people before and after you. Can BDO explain this as well?
Probably those two guys were from BDO, their bodyguards went ahead of them (which I believe is against the protocols). I’ve seen a few incidents where the guy or guys who have the “master” card was left alone by their bodyguards because he was “simply” doing a final test run.
Which is… dangerous. But regardless.. if those two guys ahead of you were not from the bank, then they got hold of a master card/key, or they’re testing their newly created master card/key.
That IP though, I believe, is local and not for internet access, so it might be a batch job or something.
http://whois.domaintools.com/172.16.16.106
Yup, that is indeed odd. SCARY!!!
WHOA!!! IF THAT HAPPENED TO YOU IT MIGHT HAPPEN TO ME TOO OR EVERYONE USING A BDO ATM, SIR ABE. . I’M A BDO ATM HOLDER TOO. . . . I HOPE IT WON’T HARM THEIR ATM SERVICES.
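
Several comments above describe the window as a scheduled `ftp.exe -s:runftp.txt` upload to a private address. The sketch below is an added example, not part of the original post or any bank's code: a defender-side audit of such a job's command line and command file. The script contents, username and file name are constructed assumptions; only the command line and the IP address come from the comments.

```python
import ipaddress
import re

# Matches the -s:<file> argument that tells ftp.exe to read commands from a file.
FTP_SCRIPT_ARG = re.compile(r"\bftp(?:\.exe)?\b.*?\s-s:(\S+)", re.IGNORECASE)

def ftp_script_from_command(command_line):
    """Return the ftp command-file name from a task's command line, or None."""
    match = FTP_SCRIPT_ARG.search(command_line)
    return match.group(1) if match else None

def audit_ftp_script(text, auto_login=True):
    """Return (finding, detail) pairs; passwords are never copied out."""
    # auto_login=True models ftp.exe without -n: the two lines after
    # 'open' answer the User and Password prompts.
    findings = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        parts = lines[i].split()
        verb = parts[0].lower()
        if verb == "open" and len(parts) > 1:
            host = parts[1]
            findings.append(("cleartext-ftp", host))
            try:
                if not ipaddress.ip_address(host).is_private:
                    findings.append(("public-destination", host))
            except ValueError:
                findings.append(("unresolved-hostname", host))
            if auto_login and i + 2 < len(lines):
                findings.append(("stored-credentials", lines[i + 1]))
                i += 2  # skip the username and password lines
        elif verb == "user" and len(parts) >= 3:
            findings.append(("stored-credentials", parts[1]))
        elif verb in ("put", "mput", "send"):
            findings.append(("upload", " ".join(parts[1:])))
        i += 1
    return findings

# Constructed sample: credentials and file name are invented for illustration;
# the address is the private one quoted in the comments above.
SAMPLE_SCRIPT = """open 172.16.16.106
ejuser
not-a-real-password
binary
put EJ090109.txt
bye
"""

if __name__ == "__main__":
    print(ftp_script_from_command(r"c:\windows\system32\ftp.exe -s:runftp.txt"))
    for finding in audit_ftp_script(SAMPLE_SCRIPT):
        print(finding)
```

A private destination only removes the `public-destination` finding; the cleartext protocol and the credentials stored in the command file are still reported.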