What do movies get wrong about computers

In action, once the exploit is prepared, it takes only a couple seconds to execute. But if you read this news story, you see a hint of what had to be done first:

"[The hacker] then reverse-engineered the machines' code and created his own version of the firmware that could be installed on the machines ..."

It'd take a real idiot of a writer to think that one sentence could communicate the amount of labor that went into "reverse-engineering the machines' code." So I'll try with one paragraph:

Step 1: Obtain an ATM. Surprisingly, this isn't too hard; you can get them on eBay apparently.

Step 2: Figure out as much as you can about how the ATM works. This will probably involve obtaining the manual from the manufacturer, and then partially disassembling the thing and looking at all its naughty bits.


It's an acquired taste getting off on this, but it can be done. To an electrical engineer, this is basically the equivalent of butt stuff.

Step 3: Based on how you think the ATM works, abuse it a bit. Find its various inputs (the keypad, USB or network ports) and feed them crazy gibberish. See how it likes that. This will tell you more about how the ATM works internally.

Step 4: Break the ATM. Like a spurned lover or a really sinister psychiatrist, use everything you've learned about the ATM to destroy it. This is going to involve technical things like stack overflows, code injections, birthday attacks, race conditions, or any of a thousand other attacks you've never heard of.