• • • • Two 14-year-old Canadian boys almost got into trouble last Wednesday, but somebody wrote them a nice note explaining that they were late getting back from lunch because they had hacked the bejeezus out of an ATM. The note began thusly: Please excuse Mr. Caleb Turon and Matthew Hewlett for being late during their lunch hour due to assisting [Bank of Montreal] with security. According to the, the two ninth-graders came across an old ATM operators manual online that showed how to get into the machine’s operator mode. So on Wednesday, over their lunch hour, they thought they’d give it a go.

Nov 11, 2016  Executive Engineer Recruitment 2017 Recruitment of Principals and Teachers in OAVS RECTPCL Recruitment 2017 RECTPCL Recruitment 2017 –.

They went to the Bank of Montreal’s (BMO’s) ATM at the Safeway on Grant Avenue in Winnipeg. Much to their surprise, the dusty old manual’s instructions worked.

When the ATM asked for a password, they plugged in the first lame-o, six-character groaner of a that popped into their heads. That worked, too. Much to the boys’ white-hat credit, they then marched right over to a nearby bank branch to let them know. Staff’s response: no way. Boys’ response: yes, way.

And then, they proved it. Here’s how, as Hewlett described it to the Winnipeg Sun: We both went back to the ATM and I got into the operator mode again. Then I started printing off documentation like how much money is currently in the machine, how many withdrawals have happened that day, how much it's made off surcharges. Then I found a way to change the surcharge amount, so I changed the surcharge amount to one cent. Then, just for fun, and, well, for the sake of accuracy, Hewlett changed the ATM’s greeting from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked.” They printed out six documents for BMO, and this time, staff took them seriously. BMO sent an email statement on Friday in which Ralph Marranca, director of media relations, said the bank was aware of the incident and had taken steps that block unauthorized access.

From the statement sent to the Winnipeg Sun: Customer information and accounts and the contents of the ATM were never at risk and are secure. Keygen. What’s the takeaway? To keep manuals under lock and key, most assuredly, for one. And o, by the way, surely there shouldn’t be any way for anyone to access anything other than the public-facing functionality through the public facing terminal?

Naked Security has written scads of “DON’T HARDWIRE PASSWORDS!” and “DON’T INCLUDE BACKDOORS!” stories. If the 14-year-olds’ attack was based on magic sequences that shouldn’t be publicly available, that’s the same sort of failing. This isn’t the first time that hardwired passwords and backdoors have let attackers into the juicy guts of an ATM, mind you. As this clip () shows, some guy (who presumably got away with it!) in the US state of Virginia punched in a secret code that told the ATM that its stack of $20 bills were actually $5 bills. He went on a profitable little spree, asking for multiple $250 withdrawals that each netted him $1,000, according to CNN. What reason is there to have a magical sequence that let him do that? Then too, the late, great firmware hacker Barnaby Jack famously concocted his “Jackpot” program, which goaded two ATMs into – as well as snitching sensitive data off of people’s bank cards – on stage at the 2010 Black Hat conference.