July 10, 2018

I originally wrote this post ~10 years ago. A bit of recent Google research suggests that not much has changed in all these years, and ATMs are still being popped through explosive gas attacks.


December 28, 2008

Securing an ATM is hard. Consider this: you have a small, compact (albeit strong and heavy) item stuffed with cash in a publicly accessible place. Unless you can sufficiently protect it, it’s going to become a liability.


Recently in Australia there has been a spate of ATM attacks whereby crooks fill the ATM with explosive gas through any suitable gap in the front of the machine and ignite it. The result, apart from the extensive property damage, is a sufficiently broken ATM that sometimes allows access to the cassettes of cash. With a quick getaway, this technique has been yielding millions in cash in just a few weeks.

It’s not a new attack; indeed, it’s a problem European banks have suffered in the past. There exists at least one European vendor claiming to have a gas protection unit, designed to be retrofitted onto an existing ATM, that works by changing the gas make-up inside an ATM when an explosive gas is detected inside.

If gas attacks were not enough, ATM bandits have been a problem for quite some time. There have been countless instances whereby the ATM is removed from site and the cash removed after the fact.

It seems there is no shortage of attacks against ATMs.

In short, security engineering in all its forms is hard. I’ve worked in security now for well over 10 years and I’ve seen my fair share of blunders, mistakes and breaks. To be certain, people will always find new vulnerabilities in systems because there is something humanly and innately satisfying about solving problems. From the perspective of a security researcher, the problem is “How can I subvert the security of this system?” It’s not a bad thing when directed in the right way, and it’s quite necessary to explore the possible attacks a system may have in order to redesign and protect that system in a manner that better handles the problem.