Carding and black box attacks: common ATM hacking techniques by Dominique René

August 19, 2019

It doesn’t take a rocket scientist to comprehend why the numerous automated teller machines in the streets lure criminals. Whereas physical methods used to dominate the thieves’ repertoire, their tactics have evolved toward more intricate techniques based on the use of electronic devices. ATM attacks involving the so-called “black boxes” equipped with a single-board computer are gearing up for a rise these days. This article is going to cover the essentials of this growing exploitation vector.

Last year, the Chief Executive Officer of ATMIA (the ATM Industry Association) Mike Lee said black box attacks were shaping up to be a major threat to the global cash machine ecosystem.

A commonplace ATM consists of ready-made electromechanical parts put together within a single box. The manufacturers equip their machines with cash dispenser modules, card readers and other elements made by third parties. In other words, these entities resemble LEGO building kits to an extent, except that they are intended for adults. The off-the-shelf units are placed into an ATM’s case that typically includes two sections: the upper one, referred to as the customer service area; and the bottom one, known as the vault.

USB and COM ports are used to connect all the electromechanical components to the system unit that performs the function of the host in this case. SDC (serial....

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.