Criminals in the US have come up with a new way to steal money from cashpoint machines (ATMs) by gluing down keys in a way that stops customers completing a transaction.
According to US reports, the technique is as simple as gluing down the physical ‘enter’, ‘cancel’ and ‘clear’ keys that bank customers would normally hit after entering their PINs.
Assuming the customer doesn’t notice that they can also hit ‘enter’ using the touchscreens now common on ATMs, they are forced to abandon the transaction with the PIN entered and the card still in the machine, allowing the crooks to access their accounts once they leave the scene.
The technique is unlikely to work on a large scale – most people will use the touchscreen as a backup – but thefts have been reported in the San Franscisco area in recent weeks, as reported by the San Francisco Examiner.
The attack depends on the dual nature of today’s cash machines that mix physical entry (which some people still prefer) with the touchscreens the banks would rather people used in future.
Bank ATM hacks of one sort of another are as old as the machines themselves, but most passive attacks involve more complex techniques including infecting the internal software with malware.
Four years ago a researcher even managed to uncover master passwords for commonly used ATM machines simply by using Google.