Cybersecurity
Nautilus ATM Flaws Could Allow Hackers Access to Cash, Data
- Red Balloon researchers find vulnerabilities in cash machines
- No evidence criminals have taken advantage, companies say
A Nautilus Hyosung America automatic teller machine.
Photographer: Victor J. Blue/BloombergThis article is for subscribers only.
A pair of security researchers has discovered two vulnerabilities in ATMs widely used across the U.S. that could allow a determined criminal to steal cash and customer data.
Brenda So and Trey Keown, of New York-based Red Balloon Security Inc., found the flaws in machines manufactured by Nautilus Hyosung America Inc., the largest provider of ATMs in the U.S. By gaining access to the same network as the target ATM, the researchers were able to obtain full control of the machine and bypass its security measures. They also discovered master keys to the ATMs for sale on Amazon.com -- something other researchers have previously pointed out.