It is not always that straight forward. The ATM might be used by a convenience store and he might be the one managing it and incurring the loss but there is a danger to the client as well. Imagine an ATM you use, someone manages to get administrative access to it through one of the flaws mentioned in this article and switches the tray location of the $1 bills with the $50 bills. The perpetrator then uses a card and withdraws $4 and he actually runs away with $200. You go to this ATM which you don’t know has been compromised, you put in your card and withdraw $200 the machine gives you 4 $50 bills only now it thinks that $50 bills actually reside in the $1 tray so it gives you $4 and deducts $200 off your account/prepaid card or other such medium.

Now you might be lucky and the ATM owner decides that losing $400 is better then losing you as a customer and takes all the financial hit himself or he can play ignorant and say that according to the records, $200 were withdrawn and that’s what the ATM gave and refuses to pay you back, especially if it was not just you but a lot of other people who got hit by this. In any case getting your money back might end up costing more than the money you lost when factoring in time wasted and everything else.

Security issues can have a wide range of repercussions and while at first glance it may seem that they don’t affect us, indirectly or through an unintended consequence, they may actually do.

From the company’s perspective however, it’s quite frightening how much of this compromising information is readily available on the internet.

This is really just the tip of the Iceberg. We all know that once information is leaked onto the internet it can never be taken back. Since the ATM manual containing the administrator credentials has been leaked on the internet one can bet it is still available. If one were to look hard enough I am sure it can still be found. Obviously that would not pose a threat to all the updated ATMs but I am sure that not all were updated. This effectively means that the credentials contained in the old manuals most likely still pose a security threat for some even today.

You make a valid point that ATMs can be a popular hangout for robbers however paying with the ATM card is not without its risk either. The primary danger is skimming which I discussed in an old article: http://www.gfi.com/blog/21st-century-heists-part-2/

Thankfully a lot of banks are now switching to chip and pin cards which should be an effective defense against these sort of attacks.

Yes Iam, I am sure the reason for that design decision was convenience. Another possibility may be that the ATM can be set up in an environment where access is only possible from the front; yet it is still inconceivable to me how a manufacturer could have ever justified this as an acceptable risk.

“…as the article goes on to say that some ATM designers didn’t have a basic sense of physical security and placed the administrative port on the outside where it would be accessible by anyone…” – perhaps because the designer’s philosophy is convenience (for whoever is in-charge for maintaining the machine) over security.

And we thought life is much easier now. Such is the paradox of our time.