Two 14-year old children from Montreal, Canada managed to gain access to an ATM by referring to the operator’s manual that they found online. The manual described how to gain administrative access to the device, and was apparently easy enough that kids could read and understand it.
The story originally appeared in the Winnipeg Sun, which spoke to the boys. While the operator’s manual described how to access the administrative portion of the ATM, there was still a password in place. However, the bank failed to change the default password on the machine; and the boys managed to guess it from a list of default passwords on their first try.
Fortunately, the kids were not around to cause trouble and immediately went to inform the bank branch manager of what had happened. Naturally, they were not believed until they managed to make the ATM print documentation about its operations.
It might appear to be an isolated case, but it is likely that most banks do not bother to change the default password as they assume that nobody will be able to get into the administrative function in the first place. However, with the amount of information floating around on the internet, proper security measures should be implemented. Ars Technica has also pointed out that what the boys did was highly illegal and they were extremely lucky to avoid being arrested.
[Source: Winnipeg Sun]