He pressed 5x SHIFT and hacked the ATM's cashpoint
It was enough to press the 5x SHIFT key on a full-sized QWERTY keyboard to get to the Windows XP operating system, which is installed in the ATM of Sberbank's ATM.
The Sticky Keys feature is activated by repeatedly clicking the Shift key and is appreciated above all by people with disabilities. Unfortunately, in the case of an ATM that had a full-size keyboard it is quite the opposite. Running sticky keys makes the user access the Windows XP user interface, including the Start menu or the taskbar. Access to these areas of the operating system means that the malicious user can try to modify the ATM's operation, turn off the computer, use the ATM as an ordinary computer, and even install malicious software under appropriate conditions.
PoC was presented in this video:
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.