For the second year running, a talk at Defcon/Black Hat covering a security hole in an automated service has been canceled. Last year it was after the Boston Transit Authority filed an injunction against three MIT students for exposing a flaw in its smart card payment system. This year it is a talk exposing a flaw in something that everyone uses: the automated teller machine.
It seems that there is a serious flaw in the software used in some ATMs that can allow a malicious person to access the internal network and steal PIN and account numbers. Barnaby Jack was going to discuss this at length and was also going to demonstrate both remote and local attacks on an unmodified ATM.
As you can imagine, the vendor that manufactures the ATM line was upset and asked that the talk be pulled. Their reasoning is that they want to have sufficient time to address the issue before the flaw is exposed to the public.
While their stated goal of addressing the issue is great, it still makes me wonder how a hole got there in the first place and if these companies actually test their systems to make sure they are protected against intrusion.
