Working of ATMs
I was wondering how ATMs work. They work over a network(as all withdrawal or deposits have to be updated immediately). So if a hacker hacks in their network, by using MITM and other such attacks, he can modify the value the Bank Server sends to the request of the ATMs(thinking of them as in a Client Server relationship). Thus, a person can take out or withdraw a whole lot of cash that is not in his account(as the ATM or the client first checks if the amount requested to be withdrawn is lesser than the amount in the account and is also less than the maximum withdrawal amount of the day).
goluhaque wrote: I was wondering how ATMs work. They work over a network(as all withdrawal or deposits have to be updated immediately).
No, there's a delay.
So if a hacker hacks in their network, by using MITM and other such attacks, he can modify the value the Bank Server sends to the request of the ATMs(thinking of them as in a Client Server relationship).
You can't, because heavy encryption is applied on the data and there's checks to be passed you can't pass if you modify the data.
Thus, a person can take out or withdraw a whole lot of cash that is not in his account(as the ATM or the client first checks if the amount requested to be withdrawn is lesser than the amount in the account and is also less than the maximum withdrawal amount of the day).
You can't withdraw cash that isn't in your account using a MitM attack.
Even skimmers have encryption these days. HAD More details And thats 2008!
wolfmankurd wrote: Even skimmers have encryption these days. HAD More details And thats 2008!
Skimming is a completely different "exploit". With skimming, you make an -exact- copy of someone's card and you tape someone's pin code with microphones or cameras (most used).
With skimming, you're not exploiting the ATM. You're copying someone's banking pass and PIN code and then proceed to make a "valid" transaction.
spyware wrote: Skimming is a completely different "exploit". With skimming, you make an -exact- copy of someone's card and you tape someone's pin code with microphones or cameras (most used).
With skimming, you're not exploiting the ATM. You're copying someone's banking pass and PIN code and then proceed to make a "valid" transaction.
Well done for stating the fucking obvious.
I was pointing out that all things atm are encrypted to the point that even the thiefs are protecting the data
Anyone with more inteligence than a pub toilet skidmark would have realised this.
wolfmankurd wrote: Anyone with more inteligence than a pub toilet skidmark would have realised this.
Kay, I wasn't being a dick but I tried to stay on the goddamn topic OP put there in the first place. Yeah, skimming, that's totally rad. Not what he/she was trying to discuss. "MITM" was mentioned several times, and was talking about encryption and interception/altering of data.
spyware wrote: [quote]wolfmankurd wrote: Anyone with more inteligence than a pub toilet skidmark would have realised this.
Kay, I wasn't being a dick but I tried to stay on the goddamn topic OP put there in the first place. Yeah, skimming, that's totally rad. Not what he/she was trying to discuss. "MITM" was mentioned several times, and was talking about encryption and interception/altering of data.[/quote]
Skimming and and fake keypads are mitm. They sit between you and th ATM and steal data.
AFAIC, no encryption is needed, so long as you are in between the two parties it's MITM.
In the case of the skimmer and fake fascia above, the victim thinks they are sending messages directly to the ATM system, and the ATM system thinks it's getting messages directly form the victim.
However, the are really being intercepted by the fake fascia, which could also potential modify the input…
spyware wrote: I've never heard of a successful skimming attack in which the card-clone machine also edits data that is passed to the ATM.
Several factors here. The potential exists firstly, and that's all that matters. It is not neccesary to alter the data (you only need to do it's an assymeteric encryption scheme, otherwise just listen and let live)
Secondly, exaclty how many skimming designs can we know about, except for unsuccessful ones? I know of a few types, but I have never researched them, maybe you have idk, more importantly I don't care.
It's MITM get over it, you were wrong, thats okay no one except you cares.
wolfmankurd wrote: It's MITM get over it, you were wrong, thats okay no one except you cares.
It's not a man in the middle attack, I wasn't wrong. It's not about "caring", I just don't like to see terminology abused, people reading this thread might get a wrong idea about MitM attacks and what the term "man in the middle" means.
Cloning a card is theft of data that happens between client<->bank communication, yes, but that doesn't make it a MitM attack. You can consider something a MitM attack when the attacker can successfully impersonate/act as the endpoint of a transmission. This is not the case here.
This is how i see your argument.
One is passif mitm, when ones steals credentials, this only happens for a few seconds, just the time to get the information.
The other could be considered actif/continuous/live when ones become the live link between the server and the client. Data is continuously passed through the attacker (the man in the middle).
So is this a correct way to see it?
litsnth wrote: This is how i see your argument.
One is passif mitm, when ones steals credentials, this only happens for a few seconds, just the time to get the information.
The other could be considered actif/continuous/live when ones become the live link between the server and the client. Data is continuously passed through the attacker (the man in the middle).
So is this a correct way to see it?
No, and in the future try to refrain from bumping ancient threads if your posts aren't useful. Please.