This is an interesting article on hackers combining their physical penetration skills with technical skills. Hackers were able to drill a whole the size of a golf ball next to the PIN pad and insert a wire to take command and control of the ATM and dispense cash. Security researchers at Kaspersky demonstrated that the technical hack could easily be done with a simple Arduino controller, a breadboard, and a 9 volt battery.
These stories remind me of Terminator 2 when young John Connor was hacking the ATM machine. The ironic thing is that the ATMs that were compromised have been used since the 90s when that movie came out!
The challenge that banks will face in fixing this vulnerability is that the software cannot be done remotely and they are also recommending adding additional hardware enhancements and physical security controls (e.g. surveillance cameras, physical access controls). This all requires work to be done on premises and these devices are apparently widely in use.
Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear
Mauchel Barthelemy says
Drilling a whole the size of a golf ball next to the PIN pad and inserting a wire into it requires quite some physical efforts performance. This convinces me be to believe that this form of attack would be difficult to execute successfully if proper surveillance equipment is installed. But hey, hackers are figuring out to bypass whatever surveillance equipment certain banks have in place to do this, so there must be something more that should be done to combat this.