Russian ATM hacked with 5 keystrokes – Video
Slapping a full-size QWERTY keyboard on an automated teller machine is not the best way to keep the ATM safe from prying hands, as one Sberbank customer found out this holiday season.
In early December, an employee of Russian website Habrahabr went to get some cash from a Sberbank ATM that incidentally had a full-size keyboard. Out of boredom, as the man recalls, he started hitting the Shift key repeatedly when, all of a sudden, the Sticky Keys feature switched on, giving him full access to the machine's underlying Windows XP operating system.
Sticky Keys, an accessibility feature originating in Apple's System 6, is shared by many GUI-based operating systems, including Microsoft's ancient Windows XP.
When the Shift key is pressed five times in a row, Windows turns on Sticky Keys and serializes keystrokes, allowing the user to press and release modifier keys one at a time. This eliminates the need to hold one key with a finger while reaching for other keys.
While it's certainly helpful to users who have physical disabilities or to those with Emacs Pinky syndrome, Sticky Keys leaves Windows-based ATMs vulnerable to attacks – especially when customers are offered a full-size keyboard. The hack was captured on video and posted to YouTube (embedded below) for everyone's viewing pleasure.
As the footage shows, Sticky Keys let the user quickly access the Windows XP UI, including the Start menu and taskbar. Access to these areas of the OS means a malicious user could try to modify the way the ATM works, shut down the machine, use the ATM as a regular PC and, under the right conditions, maybe even deploy malware.
Sberbank took weeks to fix the problem, according to the Habrahabr post, but eventually patched all its ATMs. A bank statement appeared to downplay the flaw as a “peculiarity” of its systems that otherwise “did not carry any risks for device security.”
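
For operators of Windows-based kiosks, the script below audits the keyboard shortcut described above; it is an added example, not taken from the Habrahabr post and not Sberbank's fix. It assumes the standard `Flags` values under `Control Panel\Accessibility`, where bit `0x4` enables the hotkey for Sticky Keys, Filter Keys and Toggle Keys; the `-Fix` switch is a name chosen for this example.

```powershell
# Added example: report whether the accessibility hotkeys (five-times-Shift
# for Sticky Keys, plus Filter Keys and Toggle Keys) are armed, and clear
# the hotkey bit when run with -Fix. Written to work on PowerShell 2.0.
param([switch]$Fix)

$HotkeyActive = 0x4   # SKF_/FKF_/TKF_HOTKEYACTIVE all use this bit in Flags
$Features = 'StickyKeys', 'Keyboard Response', 'ToggleKeys'
# The current user, plus the default profile that applies at the logon screen.
# Writing to HKEY_USERS\.DEFAULT requires administrative rights.
$Roots = 'Registry::HKEY_CURRENT_USER', 'Registry::HKEY_USERS\.DEFAULT'

function Test-HotkeyActive([string]$Flags) {
    # Flags is stored as a decimal string (REG_SZ), e.g. "510".
    return (([int]$Flags) -band $HotkeyActive) -ne 0
}

$results = foreach ($root in $Roots) {
    foreach ($feature in $Features) {
        $key  = "$root\Control Panel\Accessibility\$feature"
        $item = Get-ItemProperty -Path $key -Name Flags -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }          # key absent in this hive

        $flags  = [int]$item.Flags
        $active = Test-HotkeyActive $item.Flags
        if ($active -and $Fix) {
            # Clear only the hotkey bit; leave the other settings untouched.
            $flags = $flags -band (-bnot $HotkeyActive)
            Set-ItemProperty -Path $key -Name Flags -Value ([string]$flags)
            $active = $false
        }
        New-Object PSObject -Property @{
            Key = $key; Flags = $flags; HotkeyActive = $active
        }
    }
}

$results | Format-Table Key, Flags, HotkeyActive -AutoSize
# Non-zero exit code lets an image build or compliance check fail on a finding.
if ($results | Where-Object { $_.HotkeyActive }) { exit 1 }
```

The values are read when the user session starts, so a change made with `-Fix` should be verified after the next logon of the kiosk account.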