DEF CON 18 - Barnaby Jack - Jackpotting Automated Teller Machines Redux
- Published: 31 Jul 2024
The presentation "Jackpotting Automated Teller Machines" was originally on the schedule at Black Hat USA 2009. Due to circumstances beyond my control, the talk was pulled at the last minute. The upside to this is that there has been an additional year to research ATM attacks, and I'm armed with a whole new bag of tricks.
I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I've got that kid beat.
The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software.
Last year, there was one ATM; this year, I'm doubling down and bringing two new model ATMs from two major vendors. I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.
Barnaby Jack is the Director of Research at IOActive Labs, where he focuses on exploring new and emerging threats, and recommending areas in which to concentrate IOActive's research efforts.
Jack has over 10 years of experience in the security research space and previously held research positions at Juniper Networks, eEye Digital Security, and Foundstone. Over the course of his career, Jack has targeted everything from low-level Windows drivers to the exploitation of Automated Teller Machines. He has subsequently been credited with the discovery of numerous vulnerabilities, and has published multiple papers on new exploitation methods and techniques.
For copies of the slides and additional materials please see the DEF CON 18 Archive here: defcon.org/html/links/dc-arch...
It was really progressive of Defcon to hire a blind and deaf cameraman.
It's almost like everyone there is drunk ;D
This comment should be on top.
Great talk bad cameraman
There is another video where he's doing pretty much the same talk but for a Blackhat.com event; you might prefer viewing that one.
The title is "BONUS- BLACK HAT- Barnaby Jack - Jackpotting Automated Teller Machines Redux - Video"
@50 subs with No video
It's been 9 months since I've seen this video, but I think I remember what he's doing. Basically, most of these machines are theoretically owned by some banks or stuff like that... But who is really paying for these machines, in the end? It is you, the client, isn't it? And if you paid for something, I guess you should have the right to own it, right?
Right? :P
RIP Barnaby
I came here from the *_Jack Rhysider_* RUclips channel, listening to his "The Cybergang That Stole $1 Billion From ATMs🎙Darknet Diaries Ep. 35: Carbanak" video.
R.I.P *_Barnaby Jack_*
Amazing talk. Just learned of his tragic passing. So sad. The community lost a real one years ago.
I think it's fake news just like John McAfee...Such people don't die, they just disappear...the system Hide him
Barnaby Jack today I navigate as a hacker thanks to this talk that motivated me. A hug in eternity 🤓
I wish more hacker conf presenters were this.. normal I guess is the word. Easy to get/understand
most of them are autistic
It helps that he was absolutely shitfaced. RIP Barnaby.
RIP Jackpot Jack
Ohhh.... Listen real close and you can hear the ATM dispensing money....
Gabriel Pato sent me here! Flow Podcast #182
water, Coke, tallboy 🚰🥤🛢 water, Coke, tallboy 🚰🥤🛢 mery mery 🍀🍀 pfffff 🌬🌬🌬mery 🌬🌬🌬 for gringos it's more expensive 🗣🗣🗣 there's reck check 👋🏿👋🏿🔪 jack chain 🤚🏿☝🏿👃🏿👃🏿👃🏿 what is this, Mateus?? 😡😡🤜🏿🤜🏿 what is this, Mateus?? 🤔🤔😤😤 what is this?? 😖😖😡😡 no, calm do- what is this?? 🤚🏿🤷🏿♀️🤷🏿♀️
RIP Barnaby, this talk is awesome.
at 28:50 you can see cameraman's inhuman reactions. Scary.
Worst camera person
A lot of these talks are brutal for people with misophonia.
For me it's only people chewing obnoxiously that sends me into a tizzy. I can't imagine having it like that.
r.i.p barnaby jack
keeps telling the cameraman to go show something else and he keeps not doing it ;-;
The ATM company just LET a guy get 2 ATMs and delivered them to a home address, then sent out 3 techs to fix them? Who let that happen?
The same people who think Windows NT and CE are secure.
It's a free country.
capitalism at its best!
so if i understood it correctly he is doing it remotely, not connected to the same network ya?
Is DEFCON part of Black Hat Conference ?
Amazing talk. I hope he is still alive at this time so that he can continue to share the latest things about security and hacking.
@@ryjelsum Thanks for sharing your insight. Does "more business" mean more business-oriented?
It's more grey hat. Black hat thinking for white hatter.
and you ..! Forever ... I love you ...
DEFCON SAFE MODE
did anyone ever catch that Pulp Fiction Reference at 2:54. Gold!
Does anyone know any courses I can take to become a master at Jackpotting, or a roadmap. Thanks in advance
Acquire an old ATM (maybe acquire some manuals from the manufacturer), pull the firmware, reverse for the type of attack you're attempting (Network, firmware, hardware), then create additional functionality/exploitation, execute payload via your exploitz, then profit.
Teach yourself, it's the traditional barrier to entry for hacking.
lol no one teaches that. you gotta do the leg work my man
Be quicker to get a truck and chain mate.
Windows CE Ugh. Tells us all we need to know.
if that mic cost more than 10$ you were ripped off
SOUND. why all the cameraman comments when the sound is so lousy?
Our ATMs reboot waaaaaaaaay slower than that
greattttt
They killed this guy after this.
Just like John McAfee
RIP
I agree it would be high time to rework the software on ATMs.
But the market is so cutthroat that none of the manufacturers can invest in a software or even architecture overhaul. 'Standardization' got rid of a Non-USB peripherals and by the early 1990s the hardware was USB and instead of a proprietary OS Windows NT, later XP and finally 7 were used.
CE only entered the market on the East Asian manufacturers. And as with everything, you get what you pay for. When these players entered the market, the already cutthroat pricing was halved again. With the prices in freefall, no manufacturer has spare cash to invest in security. And the banks specify security as a given and will not pay for better security. Why should they?
how i find the ip of target ?
You have to git gud
Could anyone give me a direction on how to initiate true hacking skills?
Learn C
learn networking and the maths used in low level programming
@@awesomekuro It starts with DOS it ends with C-Band ahaha
Starts with looking into interests with open ears
F
His Death is Mysterious just like John McAfee's Death...If he was a Russian Citizen he would be alive...the system has hidden him😅😂#He is not dead.