Ethical Hackers Use Chip And Pin Flaw To Make An ATM Dispense Endless Cash

Only a few minor alterations were needed to perform the hack.

Researchers have used a simple chip and pin hack to withdraw hundreds of dollars from an ATM in America.

The ethical hackers demonstrated at Black Hat conference in Las Vegas just how easy it is to exploit a vulnerability in the chip and pin system.

Their warning comes as chip and pin technology is being widely adopted across America, making the tech a renewed target for hackers, the BBC reports.

Tod Beardsley, a security research manager for Rapid7 who oversaw the hack, told the BBC: “In the US we are finally catching up to the rest of the world and using chip and pin. The state of chip and pin security is that it’s a little oversold.”

Rapid7 revealed in broad terms how the hack works, but avoided specifics to deter imitators.

Johner Images via Getty Images

The hack requires two processes. Firstly, criminals added a “shimmer” to a typical card machine. The device sits between the victim’s chip and the reader and is able to read their details and their pin. It then transmits the data to the criminals.

Hackers were then able to use a smartphone to download the stolen data and recreate the card in an ATM, which would be instructed to constantly eject cash.

Beardsley told the BBC that the modifications were made to the outside of the ATM: “It’s really just a card that is capable of impersonating a chip. It’s not cloning.”

Hackers would only be able to replicate each card for a few minutes, but Beardsley suggests that a network of hacked chip and pin machines could establish a constant stream of victims.

The hackers have disclosed the issue to banks and manufacturers of ATMs.

Last year at Black Hat, hackers revealed how a Jeep could be controlled remotely.