ATM Hacked By 14 Year Olds – Because They Could

In this day and age, when IT professionals are screaming from the rooftops to change your passwords and to use secure passwords or, better yet, passphrases, we still find that numerous individuals and businesses aren’t listening.  Even those that really, really should, like, say, your bank.

In Winnipeg, Canada, two fourteen-year-old boys were able to gain access to an ATM’s administrator mode simply by using the default password they had found in an online manual for that ATM.

The boys were able to see how much money was in the machine, information on how many transactions had occurred and other information being called “off-limits” to the average ATM user.  “We thought it would be fun to try it, but we were not expecting it to work,” Matthew Hewlett, one of the boys involved, told the Winnipeg Sun.

The boys went to the nearby bank branch and told the staff what they’d done.  The staff was reportedly skeptical, so the boys went back to get proof.  They returned to the bank branch with printouts from the ATM making it clear that the machine had been compromised.

With a little humor the boys had also changed the machine’s welcome screen from, “Welcome to the BMO ATM” to “Go away. This ATM has been hacked.”

A spokesman for BMO’s head office, Ralph Marranca, said no customer information was exposed by the boys’ actions.

This story continues to underline the tendency towards human error when setting passwords: picking something too simple (“abcd1234”), too obvious (“12345678”), or too thoughtless (“password”), instead of taking the time to make your password something that will truly protect the important, private data behind it.

In this case, it was two boys who wanted to see if what they’d found on the Internet was accurate.  In so many other cases the intent is far more malicious.  Could the boys have accessed private customer information?  That answer is not clear, but just imagine that possibility and remind yourself this company didn’t bother to change the password from the default listed in the online manual.

