Take all my money - penetrating ATMs
Fredrik Sandstrom
DEF CON 33 · Day 1 · Main Stage
Fredrik Sandstrom, a veteran penetration tester with a decade of experience in offensive security, delivers a revealing talk at DEF CON titled "Take all my money - penetrating ATMs." This presentation delves into the surprisingly prevalent vulnerabilities of Automated Teller Machines, drawing from Sandstrom's extensive "war stories" and real-world engagements. The talk highlights that despite their critical role in financial infrastructure, many ATMs suffer from fundamental security flaws, ranging from easily bypassed physical defenses to critical software and network misconfigurations.
AI review
Sandstrom delivers a competent, well-structured tour of ATM attack surface — physical weakness, XFS abuse, disk encryption failures, network misconfigs — grounded in real pen test experience and a solid war story. The material is real and the speaker clearly did the work, but almost none of this is new to anyone who follows ATM security research; Barnaby Jack demoed jackpotting at Black Hat 2010, and the XFS portability angle, weak physical locks, and unencrypted network traffic have all been covered in prior DEF CON and CCC talks.