Triton Systems, a leading manufacturer of ATMs, has issued a security warning to ATM deployers, including credit unions, to keep their ATM security systems up to date.
The manufacturer, which specializes in building stand-alone, primarily cash-dispensing ATMs, issued the warning after a researcher at a security firm found a way to make ATMs manufactured by Triton and another firm disgorge all the case in their vaults.
Barnaby Jack, the director of Security Research at IOActive Labs, demonstrated how he was able to walk up to an ATM and upload software that made the ATM spit out all its cash.
In an Aug. 6 interview with CNN, Jack said he was also able to successfully attack the ATMs remotely and to use the machine to gather card data from users.
Triton and Jack said that IOActive made the manufacturers aware of the weakness prior to making it public, enabling the companies to distribute security fixes to prevent those attacks.
The Triton security warning carried a picture of a revolver along with the question “are you playing Russian Roulette with your ATM?” In bullet points marked with pictures of bullets, the firm asked questions about security concerns including whether patches have been uploaded and passwords changed.