June 13th, 2014 by Elma Jane

A couple of teenage boys spent one school lunch break last week hacking into a Bank of Montreal cash machine.

After finding an old ATM service manual online, Matthew Hewlett and Caleb Turon decided to head to their nearest BMO machine at a Safeway store in their hometown of Winnipeg, when the boys tried to get into the system they were asked for a password. Taking a punt on a commonly used default, they were shocked to see their attempt work. Instead of trying to clear the machine out, the pair made their way to the nearest BMO branch to flag the security risk but, staff did not believe them. So both went back to the ATM and got into the operator mode again, then started printing off documentation like how much money is currently in the machine, how many withdrawals have happened that day and how much it’s made off surcharges. The teenagers even changed the machine’s greeting screen from  Welcome to the BMO ATM to Go away. This ATM has been hacked. When they returned to the BMO branch with documentation of their hack, the branch manager vowed to contact security. The bank has since taken steps to prevent a repeat but insists that customer data was never at risk.

 

Posted in Credit Card Security, Payment Card Industry PCI Security Tagged with: , , , , , , ,