Automated Teller Machines are vulnerable to phone system attacks which could mean that your cash and passwords are at risk.
The shocking news was discussed at a black hat security conference in Las Vegas with demonstrations of infiltrations against two of the world's biggest ATM makers, Tranax and Triton. Software is used over a phone line to allow in a rootkit and from there the information is easily accessible.
Security Researcher for IOActive, Barnaby Jack, said: "These ATMs need an overhaul, they are not used to concerted hacking attacks in the way that Microsoft is. We need to make up for the fact that a secure methodology has not been put in place and stop the use of jackpotting through phone system hacking techniques."
Triton and Tranax have since fixed the vulnerabilities. Mr Jack has developed Dillinger, named after a famous bank robber, to access ATMs which are connected to telephone systems or the internet. This allows him to find out which ATMs are vulnerable. The system works by dialing lots of phone numbers and the responses which come from ATMs can then be identified.
Mr Jack called on the companies to do a better job of reviewing their codes and operating systems. His demonstration had originally been planned for the previous year but had to be pulled so that the companies could work out how to fix the problems before they were demonstrated.