Sign In

Communications of the ACM

ACM TechNews

NFC Flaws Let Researchers Hack ATMs by Waving a Phone

View as: Print Mobile App Share:

Josep Rodriguez, a researcher and consultant at security firm IOActive, has built an Android app that allows his smartphone to mimic credit card radio communications and exploit flaws in ATMs' system firmware.

Credit: Dennis Wong/Creative Commons

An Android app developed by IOActive's Josep Rodriguez exploits flaws in near-field communication (NFC) systems, enabling ATMs and a variety of point-of-sale terminals to be hacked by waving a smartphone over a contactless credit card reader.

Rodriguez said his app was able to force at least one ATM brand to dispense cash, but only in combination with other flaws in the ATM's software.

The researcher added that the point-of-sale vulnerabilities allow you to "modify the firmware and change the price to $1, for instance, even when the screen shows that you're paying $50. You can make the device useless, or install a kind of ransomware. There are a lot of possibilities here."

The findings have been disclosed to the affected vendors, but Rodriguez acknowledged that physically patching hundreds of thousands of affected terminals and ATMs "would require a lot of time."

From Wired
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account