Curious Teenagers Hack ATM by Using the Default Password
Here’s another example of why you should always change the default password. A couple of curious teenagers managed to hack into an ATM by using, drum rolls please, the default password.
Matthew Hewlett and Caleb Turon used the default password they found in an ATM operator’s manual to access the ATM’s administrator mode. They successfully hacked the machine by simply using the default password!
Lots of devices, including ATMs of course, are password protected. When you first set up the device, you must change the default password with another password, preferably a strong one. Fail to change the password and anyone could access the device. It is a hacker’s dream come true – and it is precisely what happened in Winnipeg, Canada.
Matthew Hewlett and Caleb Turon, grade 9, managed to find an ATM operator’s manual online. Inside the manual there were instructions on how to access the ATM’s operator mode – the one that lets you see how much money there is in the machine, set the surcharge, change the greeting message, and so on.
During their lunch break, the grade 9 students decided to give it a shot. So they tried out the default password on a Bank of Montreal ATM at the Safeway grocery store and, much to their surprise, it worked. The two never thought something like this would work. But it did! They successfully hacked into the ATM by using the default password!
What did they do next? They could have taken the criminal route, but they didn’t. They had a bit of fun first. They changed the ATM’s greeting to from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked” and they lowered the surcharge for transactions to one cent. Then they went to a BMO branch and reported the issue.
Bank representatives were skeptical at first; the bank’s head of security asked the duo to present proof to backup their claims. So the two boys went back to the ATM, hacked it again, and returned with printouts that showed they managed to access the machine’s admin mode.
As mentioned above, the two boys did this during their lunch break. Understandably, they were late to class. But bank officials were kind enough to write them a note explaining that they were late “due to assisting BMO with security.”
Bank of Montreal officials said that not customer info was compromised and that they would review the security of all ATMS.
Matthew Hewlett and Caleb Turon used the default password they found in an ATM operator’s manual to access the ATM’s administrator mode. They successfully hacked the machine by simply using the default password!
Lots of devices, including ATMs of course, are password protected. When you first set up the device, you must change the default password with another password, preferably a strong one. Fail to change the password and anyone could access the device. It is a hacker’s dream come true – and it is precisely what happened in Winnipeg, Canada.
Matthew Hewlett and Caleb Turon, grade 9, managed to find an ATM operator’s manual online. Inside the manual there were instructions on how to access the ATM’s operator mode – the one that lets you see how much money there is in the machine, set the surcharge, change the greeting message, and so on.
During their lunch break, the grade 9 students decided to give it a shot. So they tried out the default password on a Bank of Montreal ATM at the Safeway grocery store and, much to their surprise, it worked. The two never thought something like this would work. But it did! They successfully hacked into the ATM by using the default password!
What did they do next? They could have taken the criminal route, but they didn’t. They had a bit of fun first. They changed the ATM’s greeting to from “Welcome to the BMO ATM” to “Go away. This ATM has been hacked” and they lowered the surcharge for transactions to one cent. Then they went to a BMO branch and reported the issue.
Bank representatives were skeptical at first; the bank’s head of security asked the duo to present proof to backup their claims. So the two boys went back to the ATM, hacked it again, and returned with printouts that showed they managed to access the machine’s admin mode.
As mentioned above, the two boys did this during their lunch break. Understandably, they were late to class. But bank officials were kind enough to write them a note explaining that they were late “due to assisting BMO with security.”
Bank of Montreal officials said that not customer info was compromised and that they would review the security of all ATMS.
