A DUO OF Canadian high-school students hacked into a Bank of Montreal ATM using an old operating manual they found online.
14-year-olds Matthew Hewlett and Caleb Turon from Winnipeg are not due to face any charges, but are instead being thanked by the bank for exposing the security hole.
According to the Winnipeg Sun, the two boys hacked the BMO ATM at a local Safeway after finding an old manual for the machine on the internet that claimed it could put them in operators mode.
“We thought it would be fun to try it, but we were not expecting it to work,” Hewlett said
It did, but asked the boys for a password that they guessed on their first try. While they exact code hasn’t been revealed to the media, it was said to be a common, six-digit ‘default’ password.
The boys brought their findings to a nearby BMO branch but they said it “wasn’t really possible” and wanted proof.
So we both went back to the ATM and I got into the operator mode again. Then I started printing off documentation like how much money is currently in the machine, how many withdrawals have happened that day, how much it’s made off surcharges.
They also changed the surcharge amount to one cent and left a welcome greeting that said, ‘Go away. This ATM has been hacked’.
The bank were thankful when they returned with the evidence, and wrote them a note to excuse them for being late during their lunch in school.
Representatives from BMO told the Calgary Herald that no customer information was jeopardised when the boys accessed the ATM’s system.
According to Ars Technica, unauthorised access of an ATM is a violation of various statues, regardless of intention. ‘Whitehat hackers’ are, for this reason, advised to always get permission before testing system vulnerabilities. Luckily, these guys got off with a note and a pat on the back.