Hacking Next-Gen ATMs: From Capture to Cashout

Black Hat USA 2016

Presented by: Weston Hecker
Date: Thursday August 04, 2016
Time: 11:00 - 11:50
Location: South Seas ABE

Over the past year I have worked at understanding and breaking the new methods that ATM manufacturers have implemented on producing "Next Generation" Secure ATM systems. This includes bypassing Anti-skimming/Anti-Shimming methods introduced to the latest generation ATMs, along with NFC long range attacks that allow real-time card communication over 400 miles away. This talk will demonstrate how a $2000 investment can perform unattended "cash outs," touching also on failures in the past with EMV implementations and how credit card data of the future will most likely be sold with the new EMV data - with a short life span. This talk will include a demonstration of "La-Cara," an automated cash out machine that works on current EMV and NFC ATMs. "La-Cara" is an entire fascia placed on the machine to hide the auto PIN keyboard and flashable EMV card system that silently withdraws money from harvested card data. This demonstration of the system can cash out around $20,000/$50,000 in 15 min. With these methods revealed we will be able to protect against similar types of attacks.

Weston Hecker

Weston Hecker has been pen-testing for 11 years and has 12 years of experience doing security research and programming. He is currently working for Rapid 7. Weston has recently spoken at Defcon 22 & 23, Enterprise Connect 2016, ISC2-Security Congress, SC-Congress Toronto, BSIDESBoston, HOPE 11 and at over 50 other speaking engagements from telecom regional events to Universities on security subject matter. Weston works with a major university's research project with Department of Homeland Security on 911 emergency systems and attack mitigation. He attended school in Minneapolis, Minnesota and studied Computer Science and Geophysics. Weston found several vulnerabilities in very popular software and firmware, including Microsoft, Qualcomm, Samsung, HTC, Verizon.

