U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Two 14-year-old students hacked an ATM with impressive simplicity

Two 14-year-old  students, Matthew Hewlett and Caleb Turon, have hacked an ATM machine of the Bank of Montreal using a manual discovered on the Internet. Two 14-year-old  students, Matthew Hewlett and Caleb Turon, have hacked an ATM machine of the Bank of Montreal to test its level of security. The two students have discovered online an old […]

Two 14-year-old students hacked an ATM with impressive simplicity

Two 14-year-old  students, Matthew Hewlett and Caleb Turon, have hacked an ATM machine of the Bank of Montreal using a manual discovered on the Internet.

Two 14-year-old  students, Matthew Hewlett and Caleb Turon, have hacked an ATM machine of the Bank of Montreal to test its level of security. The two students have discovered online an old ATM operator manual that details how to access the ATM into the machine’s operator mode. On Wednesday during their lunch time they tried to procedure over the BMO’s ATM at the Safeway on Grant Avenue, the boys had no particular expectations about the success of the procedure, is it so simple to hack an ATM? At first attempt an access code composed of 6 digits, then the students tried a default one Ops, they were inside!

“We thought it would be fun to try it, but we were not expecting it to work,” “When it did, it asked for a password.” Hewlett declared. 

It is amazing, the youngsters immediately went to the BMO Charleswood Centre branch on Grant Avenue to report the security violation. Hewlett and Turon explained to the staff the security problem with an ATM, but the employers assumed that the guys have stolen the PIN numbers instead to have hackers the ATM. ATM hacked

“I said, ‘No, no, no. We hacked your ATM. We got into the operator mode’,” “I asked them, ‘Is it alright for us to get proof?’ “He said, ‘Yeah, sure, but you’ll never be able to get anything out of it.” Hewlett said.

The staff could not believe the two boys, for this reason the students went back to the crime scene to collect more evidences 😉 .

“So we both went back to the ATM and I got into the operator mode again. Then I started printing off documentation like how much money is currently in the machine, how many withdrawals have happened that day, how much it’s made off surcharges. Then I found a way to change the surcharge amount, so I changed the surcharge amount to one cent.” Hewlett added.

Hewlett to demonstrate the complete control over the ATM also changed the ATM’s greeting from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked.” They guys returned to the BMO Charleswood Centre branch bring the six printed documents as proof of concept for their hack, and only from that moment the staff took them seriously.

“They brought the branch manager out to talk to us,” “He was quite concerned and said he would have to contact head security.”

The situation is grotesque, security officials were concerned about what had happened while the boys by the delay they were doing to go back to school, which is why they asked a justification note to bring to their teachers.

“Please excuse Mr. Caleb Turon and Matthew Hewlett for being late during their lunch hour due to assisting BMO with security,” the note began.

In an official statement issued on Friday, Ralph Marranca, BMO’s director of media relations, declared they were aware of the incident and have taken necessary steps to block unauthorized access and to secure the ATM, confirming also that customers data were not at risk.

“Customer information and accounts and the contents of the ATM were never at risk and are secure,” he said.

The story can be starting point for discussion on some issues such as the real level of security of ATM systems, or the most effective approach to assess vulnerabilities in these systems. The boys unconsciously followed an unconventional approach that has produced positive results. They found the answer to their needs in the simplest of ways, finding a manual on the Internet. Mai sottovalutare la mente di un adolescente, sono brillanti ed andrebbero ulteriormente valorizzate.

Pierluigi Paganini

(Security Affairs –  ATM, hacking)