BSidesSF 2019 has ended
Monday, March 4 • 1:30pm - 2:00pm
Goldilocks and the Three ATM Attacks

Automated Teller Machine (ATM) attacks are more sophisticated than ever before. Criminals have upped their game, compromising and manipulating ATM networks, software, and other connected infrastructure. Between having a third-party manage these machines and ATMs deployed on low-bandwidth links, it's an inevitable wild-west environment. In this talk I will review three case studies of ATM attacks, showing how they have become more dangerous than ever before.

In this session, I will discuss unknown ATM flaws our pentesting team has uncovered while performing testing, the various ways criminals are attacking ATMs, the many security problems that we have identified with ATM systems, and what can be done to prevent these attacks.

I will review three case studies of ATMs: one where the ATM security was extremely poor; one where the security was very good but the ATM still fell victim to an attack because we discovered a zero-day in the management software; and one where the security was just right, but its specific deployment had some major flaws that ultimately led to an ATM compromise. In this last case, the attackers side-loaded an application, and were able to run a criminal ring that led to $7M USD in losses.


David M. N. Bryan

David M. N. Bryan is an Executive Consultant and Technology leader with X-Force Red, IBM’s elite security testing team. Responsibilities include establishing standardized tools and processes for our consultants and working with clients on penetration testing projects. David has...

Monday March 4, 2019 1:30pm - 2:00pm PST
Theater 14 (overflow in #10)