Home > General Rants & Raves > Security Pay It Forward (Literally) – Giving Back to Tranax/Triton ATM Owners

Security Pay It Forward (Literally) – Giving Back to Tranax/Triton ATM Owners

Atms
The only thing worse than when people find out you’re in the "computer industry" and ask you to diagnose why their USB-powered combo blender/Easy-bake oven keeps giving them the BSOD is when they find out you’re in the "computer security" field and ask you to diagnose why their Symantec (nee Norton) Uber Blocking Pop-Up Personal Firewall prevents them from connecting to AOL.

Sometimes, however, I feel compelled to volunteer myself when I know I can quickly help so I can feel good about "giving back" and make the world a more secure place.

Today was such a day.

I took the kids to our local candlestick bowling joint en route to a matinee screening of "Hairspray" the movie (very good, by the way.)  As the kids were knocking down frames thanks to the bumpers in the gutters, I went to the ATM for monetary reinforcement in order to buy the requisite pop and pizza.

As I approached the machine, the floor manager — noticing that I was going to use the ATM — scurried to plug the machine in so I could use it.  Noticing that it was a Tranax unit since this particular marque has been in the news lately due to security concerns, I happily queried the manager as to whether or not they had changed the default password on the machine.

I don’t really know why I did this.  Perhaps because I wanted to settle a bet with myself or just to show off my mad security current event skillz.  Honestly, I think I just wanted to see what would happen under controlled circumstances.  Nevertheless, I asked and waited patiently for a response as the machine whirred and clicked.

She looked at me puzzled and asked what I meant and why.  At which point I was going to be content in alerting her to the potential that someone could easily use the Internet to gain 10 seconds of courage and rip them off by re-programming the ATM to think it was giving out $5 bills instead of $20 bills by gaining access to the admin. interface via the default password.

At the exact moment I said this, the machine finished booting as she walked away shrugging her shoulders wondering no doubt why this tattooed idiot in bowling shoes was trying to "help."  As she did this, the screen started blinking alerting me that the cash magazine was empty and if would I like to enter the Administrator mode.

I called her back over to the ATM and said "watch" at which point I was queried for the administrative password which I dutifully keyed in as "######" (not shown so I don’t enable those idiots who can’t manage to find the real number via Google.)  The myriad of administrative options was splayed out before me and we walked through the various scenarios that might appear should we execute.

Das machine was owned and now she understood.

We agreed that this was a bad thing and that she should unplug the machine until the owner who serviced the unit could be contacted.  I suggested that she find a way to make sure that nobody could plug it back in easily and I walked her through changing the password.

I figured I’d done a good deed and proceeded go out into the parking lot and scour my car for loose change so I could at least buy the kids a soda since I could no longer get cash and I didn’t exactly trust their security to use my credit card at this point.

I returned to find the manager giving me back the $23 I paid for bowling in return for the security lesson.

I thanked her for the trade and got the hell out of there before she asked me how to update the anti-virus signatures on the point of sale terminal that took credit card payments…

The moral of the story?  Don’t be afraid to offer a little security help every once in a while.  You never know, it might earn you $23 and some free bowling.  Karma.  Nice.

Now I’m going to visit the Mobil station down by the highway…they have the same machines.  I could always use some free gas ;)

As Cutaway would say…"Go forth and do good things."

/Hoff

Categories: General Rants & Raves Tags:
  1. yoshi
    July 22nd, 2007 at 05:46 | #1

    As I approached the machine, the floor manager — noticing that I was going to use the ATM — scurried to plug the machine in so I could use it.
    Why was the machine turned off to begin with and no cash?? That seems to be a little too convenient for your story.
    (i've also run across the same model ATMs – always on and always with cash because, after all, what good is it for them? I just avoid using them and walk away)

  2. July 22nd, 2007 at 06:22 | #2

    They unplug the machine which is right next to the kitchen area, it seems, because they use the same outlet to plug the vacuum cleaner into in order to clean the carpets.
    She had to unplug the vacuum in order to plug it in.
    I didn't ask why the cash was low or out of bills…I just wanted $20. The "owners" of the machine are responsible for stocking the magazine. I suppose since they had just opened (we were the only ones there and she was still finishing vacuuming) they hadn't gotten to it yet?
    I suppose that our little rural bowling alleys aren't as high-tech as yours in Minnesota, Yoshi.
    Are we done yet?
    /Hoff

  3. July 23rd, 2007 at 07:09 | #3

    Sir,
    Thank you for stepping up. Not that I would expect any less from you but it is good that you point these things out to others so that they can see the benefit and perhaps take the responsibility themselves in the future.
    Good work,
    Cutaway

  4. March 9th, 2009 at 05:30 | #4

    Hi,
    A security model generally includes the human in the loop; totally automated security models are generally disruptable.
    atm machine lease

  1. No trackbacks yet.