Digital Security Researcher Finds Cracks In NFC, Hacks ATMs Just By Sweeping Phone Over It

JAKARTA - For years, digital security researchers and cybercriminals have tried various ways to hack ATMs, from opening the panel and connecting to the USB port to drilling into the machine so that the internal cable is visible.

Now, thanks to these tireless efforts, researchers have found several bugs that can be used to hack ATMs, as well as sales accounts connected to the ATM, in a fairly easy way: just by sweeping a phone over the ATM!

The findings were revealed by a security researcher from IOActive, Josep Rodriguez. Citing The Verge, Josep also reminded us that the NFC reader technology, which is now embedded in most ATM cards and sales systems, is vulnerable to cyber-attacks.

Hackers can carry out various types of attacks, ranging from infiltration by a cellphone that has an NFC reader feature, to access being locked as part of a ransomware attack, to the theft of credit card data.

Josep also warned that the security gaps in NFC could be exploited in an attack called jackpotting, a digital attack method that hackers can use to trick machines into issuing a predetermined amount of money.

However, Josep continued, jackpotting attacks are only possible if hackers use additional bugs to exploit the system. Unfortunately, the demo video made by Josep cannot be watched by the public because of the confidentiality agreement between IOActive and the affected ATM vendor.


NFC Makes Attacks Easier and More Sophisticated

Rodriguez has now finished creating an Android app that can make his phone mimic radio communications from a credit card. The application can also automatically exploit loopholes in the NFC firmware system.

In the demo that Josep Rodriguez showed reporters at Wired, he managed to infiltrate the ATM security system by simply swiping the phone over it. Furthermore, the NFC reader on the ATM was immediately damaged. It could no longer be used to withdraw money at the ATM next to it.

“You can modify the firmware and then change the price to a dollar, for example, when in fact the screen shows that you paid 50 dollars. You could render the device useless, or install various types of ransomware. There are a lot of possibilities [digital attacks, ed.] here,” said Rodriguez regarding the point-of-sale attacks he found.