Technical discussion on ATM network security

06:18 AM ET (US)
Hi there guys. Are all ATMs fitted with pinhole cameras?
Franz Meier
06:24 PM ET (US)
Hello Mr. Bond!
On German television I saw a report about chip and PIN today, showing you reading out the PIN off the credit-card-to-terminal communication.
Is the PIN number really transferred unencrypted between the terminal and the SDA/DDA chips? Or did you have to do a cryptanalysis on the intercepted communication to obtain the credit card number and PIN? Thank you!
02:34 AM ET (US)
Hi! Do you know one place where I can find information about the protocol of ATM transactions?

If you sniff one transaction at the moment when the ATM sends data to the bank, for example:

11 000 1; ;XXXXXXXX3000022671=XXXX101525? AB D 000002000000 42?2406;224<=;=4

;XXXXXXXX3000022671=XXXX101525? <-- track 2
000002000000 <-- money
42?2406;224<=;=4 <-- crypto (ATM pin block)

How does the crypto device on the bank's side know the DES key? How do they share the keys?

The transaction is encapsulated over SDLC....
Jon Brown
05:06 AM ET (US)

Thanks for the information. I have now done some study in this area, and yes not much in the public domain. This is worrying as I suspect physical attacks are starting to really affect ATM systems.

I have one more, slightly off-topic question. I have become interested in API attacks and was wondering if they can or have been related to smartcards, for example the command set as specified in the EMV standard. My limited experience with smart cards leads me to believe they may not be very susceptible to attack because the command set is relatively simple. However, a fruitful area of investigation may be some combination of physical and logical attack on the smartcard. Any thoughts or pointers?

Cheers, Jon
Mike Bond
09:11 AM ET (US)
Hi Jon-

I'm afraid there is not a huge amount of literature covering physical attacks at ATM machines, but the place to start is the manufacturers' websites. In particular, check out Diebold's website:

where there is a whitepaper on physical ATM security:

Hope this is a useful starting point! Also check out NCR and IBM...
10:33 AM ET (US)
Do you know any good sources that discuss current design and implementation of ATMs or that consider vulnerabilities in current ATMs?

Looking for something like an updated version of, 'Why Cryptosystems Fail'.

Most of the current research I have found discusses physical (social) type attacks or attacks on the HSM, but not attacks on the whole system (i.e. the whole ATM machine).
Mike Bond
01:29 AM ET (US)
Ask and answer technical questions on the security of ATM networks using this thread.

