Juniper nixes ATM security talk

The researcher had found serious flaws in ATM software

Router maker Juniper Networks has barred one of the company's security researchers from discussing security flaws in Automated Teller Machines after an ATM maker threatened legal action.

Staff Security Researcher Barnaby Jack had been set to deliver a July 30 talk entitled "Jackpotting Automated Teller Machines" at the Black Hat security conference in Las Vegas. But Jack abruptly asked conference organizers to pull the talk on Monday, according to Black Hat Director Jeff Moss. The talk has also been pulled from Black Hat's sister conference, Defcon, he added.

News of the cancellation was first reported by security news site Risky.Biz.

In a statement, Juniper said Tuesday that it made Jack withdraw the talk after an ATM vendor expressed concern that Jack's research could be misused. "Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research," Juniper said.

Neither Juniper nor Moss would name the ATM maker that Jack had been studying, but Juniper says it is reaching out to other vendors as well to share information.

According to Jack's description of the talk on the Defcon site, he had found a vulnerability in the underlying software used to run "a line of popular new model ATMs."

"I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine," the Juniper researcher wrote. "I think I've got that kid beat."

The presentation was supposed to "explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM."

According to a source familiar with the situation, Jack had been working with the vendor for the past nine months, but the ATM maker grew concerned that Jack's talk would lead to some bad publicity.

Black Hat talks have been pulled in the past because of legal threats. In 2005 researcher Michael Lynn was told by his employer, Internet Security Systems, to pull a Black Hat talk on router vulnerabilities after Cisco Systems threatened to sue him. Lynn quit and gave the talk anyway.

Within months, he was hired by Juniper.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags juniperblack hatautomatic teller machine

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?