Goldilocks and the Three ATM Attacks

Explore the evolving landscape of Automated Teller Machine (ATM) attacks in this 28-minute conference talk from BSidesSF 2019. Delve into three case studies showcasing the increasing sophistication of criminal tactics, from compromising networks to exploiting software vulnerabilities. Learn about unknown ATM flaws uncovered during penetration testing, various attack methods employed by criminals, and prevalent security issues in ATM systems. Discover preventive measures against these threats as the speaker analyzes three distinct scenarios: an ATM with poor security, one with robust protection compromised by a zero-day exploit in management software, and a seemingly secure system undermined by deployment flaws resulting in a $7 million criminal operation. Gain insights into side-loaded applications, flash apps, wafer locks, and electronic locks used in ATM attacks. Conclude with a Q&A session to address audience inquiries about this critical aspect of financial security.

Introduction
About David
ATM Bravo Analysis
ATM Charlie Analysis
ATM Alpha Analysis
Flash App
Wafer lock
Electronic lock
How to prevent
Audience Questions