Hacker who made ATMs spit out cash dies in US

Print
Email
|

Associated Press

Posted on July 27, 2013 at 2:06 AM

Updated Saturday, Jul 27 at 2:32 AM

SAN FRANCISCO (AP) — A prominent hacker who discovered a way to have automatic teller machines spit out cash and was set to deliver a talk about hacking pacemakers and other wireless implantable medical devices has died in San Francisco, authorities and his employer said.

Barnaby Jack died at his home in San Francisco Thursday, although the cause of death is still under investigation, San Francisco Deputy Coroner Kris Barbrich said.

Jack, who was in his mid-30s, was scheduled to speak on Aug. 1 at the Black Hat security conference in Las Vegas. The headline of his talk was, "Implantable Medical Devices: Hacking Humans," according to a synopsis on the Black Hat conference website.

Jack planned to reveal software that uses a common transmitter to scan for and "interrogate" individual medical implants, the website said.

The topic is reminiscent of the second season of the TV drama "Homeland," when terrorists kill the vice president by hacking into his heart device. Jack planned to discuss ways manufacturers could improve the security of the devices.

Jennifer Steffens, the CEO of computer security firm IOActive, Inc., where Jack worked, called Jack one of the most accomplished security researchers. He dedicated his career to exploiting weaknesses in onboard computers in cars, automated teller machines and other so-called "embedded devices" so that they can be better protected.

"A truly visionary man in many ways, Barnaby's recent critical research into the safety of medical devices such as pacemakers leaves behind a legacy that will never be forgotten," Steffens said in a statement. "IOActive will be working with the industry as a whole to ensure the advancements Barnaby started in this field will continue saving lives for years to come."

Jack made headlines at the Black Hat conference in 2010 when he demonstrated, his ability to hack stand-alone ATMs. He was able to hack them in two ways — remotely and using physical keys that come with the machines.

He had spent years tinkering with ATMs he bought online and found that the keys that came with his machines were the same for all ATMs of that type made by that manufacturer. He used his key to unlock a compartment in the ATM, and then used a USB slot to insert a program that commanded the ATM to dump its vaults.

In the second method, he exploited weaknesses in the way ATM makers communicate with the machines over the Internet.

During his talk entitled "Jackpotting ATMs," he didn't go into detail about how he hacked the machines remotely, saying his goal was not to teach people how to hack ATMs but to get manufacturers to be proactive about implementing fixes.

"Barnaby had the ability to take complex technology and intricate research and make it tangible and accessible for everyone to learn and grow from," Black Hat said in a statement.

The conference said it will not replace Jack's talk, but instead leave the slot open so people can commemorate his life and work.

He was survived by his mother and sister in New Zealand and girlfriend in California.

Print
Email
|