Pair of teens hack into ATM using online manual and a default password
Posted by: Jon Ben-Mayor on 06/10/2014 06:17 AM
[
Comments
]
Two teenagers from Edmonton, Canada, successfully gained access to the operating system of a BMO bank ATM by simply using an operators' manual they found online, they did all this while on lunch break from school. Matthew Hewlett and Caleb Turon were able to navigate to the administrator mode, by using a common factory default password and get detailed operational statistics from the machine.
According to what the teens told the Winnipeg Sun, “We thought it would be fun to try it, but we were not expecting it to work, when it did, it asked for a password.”
Rather than attempt to withdraw cash from the machine the two took their findings to a BMO branch to notify them of the security issue. Th branch didn't believe their story and assumed a PIN had somehow been stolen.
"So we both went back to the ATM and I got into the operator mode again. Then I started printing off documentation like how much money is currently in the machine, how many withdrawals have happened that day, how much it's made off surcharges.
"Then I found a way to change the surcharge amount, so I changed the surcharge amount to one cent."
As further proof, Hewlett playfully changed the ATM's greeting from "Welcome to the BMO ATM" to "Go away. This ATM has been hacked."
The staff then took them seriously. The branch manager immediately started a security investigation to verify what the teens had found.
To show his appreciation for the good deed, the branch manager actually gave them a note to excuse their tardiness in returning to school which read in part: “Please excuse Mr. Caleb Turon and Matthew Hewlett for being late during their lunch hour due to assisting BMO with security."
BMO is quite fortunate that the culprits were honest young men with no known criminal motives.
These boys are lucky they did not do this here in the US - because I am quite sure this good deed would be swiftly punished with various charges not limited to "unauthorized computer access" and probably "attempted bank robbery," among whatever others the government could sling at them.
According to what the teens told the Winnipeg Sun, “We thought it would be fun to try it, but we were not expecting it to work, when it did, it asked for a password.”Rather than attempt to withdraw cash from the machine the two took their findings to a BMO branch to notify them of the security issue. Th branch didn't believe their story and assumed a PIN had somehow been stolen.
"So we both went back to the ATM and I got into the operator mode again. Then I started printing off documentation like how much money is currently in the machine, how many withdrawals have happened that day, how much it's made off surcharges.
"Then I found a way to change the surcharge amount, so I changed the surcharge amount to one cent."
As further proof, Hewlett playfully changed the ATM's greeting from "Welcome to the BMO ATM" to "Go away. This ATM has been hacked."
The staff then took them seriously. The branch manager immediately started a security investigation to verify what the teens had found.
To show his appreciation for the good deed, the branch manager actually gave them a note to excuse their tardiness in returning to school which read in part: “Please excuse Mr. Caleb Turon and Matthew Hewlett for being late during their lunch hour due to assisting BMO with security."
BMO is quite fortunate that the culprits were honest young men with no known criminal motives.
These boys are lucky they did not do this here in the US - because I am quite sure this good deed would be swiftly punished with various charges not limited to "unauthorized computer access" and probably "attempted bank robbery," among whatever others the government could sling at them.
Comments
