Am I offtrack in wondering if by reverse engineering the mentioned in-the-clear ATM communications you could (in theory) inject some malicious packets and in effect just dispense cash to yourself with a laptop and a dish? How very cyberpunk.
It's absolutely jaw-dropping. Either no-one at these companies was capable of understanding the problem, or no-one cared enough to do something about it.
From my time in similar companies, some people understand, and might care, but aren't empowered to do anything about it. They've got a job to do, and creatively auditing network security isn't it. Finding this kind of issue on the company clock won't get them promoted, on the contrary they'll look like they're slowing the team down with vulnerabilities to fix when they've got stuff to build and sell. Very poor security culture.
Am I offtrack in wondering if by reverse engineering the mentioned in-the-clear ATM communications you could (in theory) inject some malicious packets and in effect just dispense cash to yourself with a laptop and a dish? How very cyberpunk.
It's absolutely jaw-dropping. Either no-one at these companies was capable of understanding the problem, or no-one cared enough to do something about it.
From my time in similar companies, some people understand, and might care, but aren't empowered to do anything about it. They've got a job to do, and creatively auditing network security isn't it. Finding this kind of issue on the company clock won't get them promoted, on the contrary they'll look like they're slowing the team down with vulnerabilities to fix when they've got stuff to build and sell. Very poor security culture.
Likely both.