IBM, ATMs – WTF? Big Blue to probe cash machines, IoT, vehicles, etc in new security labs

No, X-Force Red ain't another trading card game

ATM money shot
Dollar, dollar bills, y'all ... A 'jackpotted' ATM at an earlier Black Hat

Black Hat IBM has promised to open four research centers that will hunt for security vulnerabilities in technology – including a team dedicated to probing cash machines for flaws.

It has been eight years since the late, great hacker Barnaby Jack took to the stage at the Black Hat USA conference in Las Vegas, and showed attendees how in just a few steps an ATM can be tricked into spewing dollar bills onto the floor for free...

Youtube Video

The technique, dubbed jackpotting, was at first dismissed by ATM makers as impractical. However, in the past few years, criminals have weaponized Jack's findings, and have exploited them to steal more than $1m in the US alone. Now IBM has used 2018's Black Hat USA event, held this week in Vegas, to announce X-Force Red Labs: four research centers that will seek to counter ATM hacking among other things.

“IBM X-Force Red has one mission – hack anything to secure everything,” said Charles Henderson, global managing partner at IBM X-Force Red, earlier today.

US cashpoint. Pic: Tax Credits

What do you call an old, unpatched and easily hacked PC? An ATM

READ MORE

“Via X-Force Red Labs, we have the ability to do just that, in a secure and controlled environment. Whether it’s the newest smartphone that hasn’t been released, an internet-connected refrigerator or a new ATM, we have the capability to test, identify, and help our clients remediate vulnerabilities before the bad guys can exploit them.”

The labs will, we're told, be run by Big Blue's X-Force Red crew of veteran hackers, and will dive into consumer and industrial Internet of Things gear, cars and other vehicles, phones, and, as mentioned, ATMs. The IBMers will search for security vulnerabilities in order to develop mitigations for weaknesses and disclose flaws to manufacturers.

IBM said that in the past 12 months, it has seen a 300 per cent increase in enquiries regarding preventing cash-machine hacking. For years, manufacturers dismissed claims their hardware was vulnerable, however, it seems the latest wave of thefts has sparked a change of heart.

Big Blue's ATM-probing squad will analyze cash machine hardware, develop penetration tests against the rigs, provide security guidance for engineers building new ATMs, and provide real-time vulnerability disclosure on the systems, we're told.

The four labs will be set up in Atlanta and Austin in the US, Melbourne in Australia, and at IBM’s UK facility in Hursley. Big Blue’s hacking teams are also hoping to use the Black Hat show to recruit canny staff. ®




Biting the hand that feeds IT © 1998–2018