Hacking Next-Gen ATMs: From Capture to Cashout

by Weston Hecker
Sept. 15, 2017 1 comment www.blackhat.com belen_caty Pen Testing & Audits

This talk will demonstrate how a $2000 investment can perform unattended "cash outs," touching also on failures in the past with EMV implementations and how credit card data of the future will most likely be sold with the new EMV data - with a short life span. This talk will include a demonstration of "La-Cara," an automated cash out machine that works on current EMV and NFC ATMs. "La-Cara" is an entire fascia placed on the machine to hide the auto PIN keyboard and flashable EMV card system that silently withdraws money from harvested card data. This demonstration of the system can cash out around $20,000/$50,000 in 15 min. With these methods revealed we will be able to protect against similar types of attacks.


Steven Ulm 5 months, 4 weeks ago

This is crazy. But I don't doubt it is already being "practiced" through these methods...