I’m sure you already know criminals have the ability to steal all your money from your account with just having your ATM card, they don’t need to have your ATM pin before they can withdraw all your money from your account.
Forget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards. It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes.
A team of security engineers from Rapid7 at Black Hat USA 2016 conference in Las Vegas demonstrated how a small and simple modifications to equipment would be enough for attackers to bypass the Chip-and-PIN protections and enable unauthorized transactions.
The team of researchers was able to show the audience an ATM spitting out hundreds of dollars in cash.
How The New Hack Works
The hack requires two processes to be performed:
First, the criminals need to add a small device known as a Shimmer to a point-of-sale (POS) machine (here, ATM’s card reader) in order to pull off a man-in-the-middle (MITM) attack against an ATM.
The shimmer sits between the victim’s chip and the card reader in the ATM and can record the data on the chip, including PIN, as the ATM reads it. It then transmits this data to the criminals.
The criminals then use a smartphone to download this stolen data and recreate the victim’s card in an ATM, instructing it to eject cash constantly.
Tod Beardsley, a security research manager for Rapid7, told the BBC that skimmer is basically a tiny RaspBerry-Pi-powered device that could be installed quickly to the outside of the ATM without access to the internals of the cash machine.
“It’s really just a card that is capable of impersonating a chip,” Beardsley said. “It’s not cloning.”
The perpetrators would only be able to replicate each card for a few minutes and use it to fraudulently withdraw money, enabling them to make between up to $50,000, but Beardsley suggests that a network of hacked chip-and-pin machines could create a constant stream of victims.
Researchers have disclosed full details about the issue in Chip-and-PIN ATMs to banks and major ATM manufacturers and said they hope the institutions (currently unnamed) are examining the issue.
I hope Nigerian Banks have upgraded their ATM machines to have anti shimming devices to prevent this hack.
NOTE: If your ATM card is missing or stolen, quickly visit the nearest branch of your bank and block the ATM card.