"Using clues obtained from a YouTube video and a simple four-word Google search engine query, a criminal can find step-by-step instructions for how to hack into and take control of thousands of ATMs scattered around the United States. (...)
In the operator manual freely available on the Web site of a Canadian reseller, a section titled Programming provides the specific key sequence that will pop up a screen on the ATM that asks for the master password. It then lists three default passwords—master, service and operator—that could be used to hijack and possibly rig a machine."
And because most people are lazy, many ATMs still use the default passwords, which are freely available. A quote from an ATM manual:
"The default Master password is 123456 and the default Administrative password is 987654. To enter Management Functions as the Administrative user, enter 987654 and press ENTER (OK)."
The article concludes that "the episode underscores how easy it is to use the power of search engines to find sensitive security information. In the past, Google queries have been used to find security flaws in Web-facing applications, default passwords in Oracle databases and even live malware samples seeded on forums and other malicious sites." That's true, but keep in mind that publicly available information is... available to the public, so anyone can use it. Google and other search engines only make this process easier; the fault is not theirs.