Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Be paranoid: 10 terrifying extreme hacks

Roger A. Grimes | June 16, 2015
Any device with a computer chip can be hacked, but not all hacks are created equal. In fact, in a world where tens of millions of computers are compromised by malware every year and nearly every company's network is owned, truly innovative or thought-provoking hacks are few and far between.

Any device with a computer chip can be hacked, but not all hacks are created equal. In fact, in a world where tens of millions of computers are compromised by malware every year and nearly every company's network is owned, truly innovative or thought-provoking hacks are few and far between.

These extreme hacks rise above the unending morass of everyday, humdrum hacks because of what they target or because they employ previously unknown, unused, or advanced methods. They push the limit of what we security pros previously thought possible, opening our eyes to new threats and systemic vulnerabilities, all while earning the begrudging respect of those who fight malicious hackers.

This is a look at the handful of hacks that have truly raised eyebrows in the security community in the past few years. Here's to hoping that the good guys find the most dangerous exploits before the bad guys can use them against us.

Extreme hack No. 1: ATM hacking

Most automated teller machines (ATMs) contain a computer that runs a popular OS, so it should come as no shock that they can be hacked. For the most part, this means Microsoft Windows, with a smaller percentage running some version of Linux. Moreover, ATM OSes often include an implementation of Java, one of the most bug-filled, hackable software products the world has ever known. Worse, ATMs are often never patched. Those that are patched are certainly not on a monthly patch cycle, the traditional approach with computers. Nope, patches in ATMs, if ever applied, are sporadic at best.

Plus, the ATM software that rides on top of the OS also contains security vulnerabilities, many of which were, until a few years ago, easy to exploit. Additionally, ATM makers would ship ATMs to customers — ATM owners, banks, and so on — with shared default passwords and common remote access methods. Sure, they would tell their customers to change the defaults, but few did. All this adds up to the obvious: Full of cash, ATMs are often hacked, using either physical hacks or attacks over their remote management ports.

The most infamous and interesting ATM hacker was Barnaby Jack, who passed away in 2013. He would delight crowds at security conferences by bringing one or two commonly used ATMs on stage and within a few minutes have them spitting out fake cash. He used a wide array of tricks, but his most reliable method was to plug in a malware-laden USB storage device to the ATM's physical USB port, which isn't always protected from unauthorized access despite advice from ATM makers. Jack's custom software would connect to the ATM over a known network port to the remote access console and run a public, known vulnerability, which then completely compromised the ATM. Jack would then run a few ATM administration commands and instruct the ATM to produce money.

 

1  2  3  4  5  6  7  Next Page 

Sign up for CIO Asia eNewsletters.