Bruce Schneier: Programming ATMs to Believe $20 Bills Are $5 Bills

The concept is simple: The in-store ATMs you find in every store nowadays are unbelievably easy to hack.

A simple Google search (no, I won’t show it to you — if you’re a hacker worth your salt you should be able to figure that search out easily) finds the manual to the most common ATMs. The attacker can use this manual to learn the key press procedure to get into Master, Service, and Operator modes plus these levels’ default passwords. No keys are needed. Once you’re Master, you’ve rooted the machine.

Just think of how many of those ATMs out there still use the default passwords. Just think how many of those ATMs are wide open.

Scary, huh?