The planned talk by Barnaby Jack, entitled "Jackpotting Automated Teller Machines", was pulled after the affected ATM maker raised concerns that it would not be able to fix the flaw in time. Juniper did not identify the ATM vendor but said in a statement that others may also be affected by this issue.
"Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research," Steve Manzuik, Juniper's senior manager of security research, said in a statement. "As always, Juniper is committed to the responsible disclosure of security vulnerabilities."
It is unclear exactly what Jack planned to unveil in his presentation, but cash machine issues have made the news in recent months. In March, Diebold revealed that it issued a security update for its Windows-based ATMs after a number of its machines in Russia were infected with customised trojans.
"We are reaching out to other ATM vendors with the offer to assist them with promptly and diligently addressing the security risks and vulnerabilities uncovered in Jack's research," Manzuik said.
This is not the first time a Black Hat presentation was deemed too controversial to see the light of day. In 2005, Cisco and Internet Security Systems (ISS), now owned by IBM, threatened to sue researcher Michael Lynn just hours before he was to deliver a talk about vulnerabilities in the Cisco IOS. Lynn quit his job at ISS and proceeded anyway. Soon after, he settled with the two companies, essentially promising not to further discuss the exploit.
In 2007, security services consultant IOActive bowed to pressure from HID Global to withdraw its presentation. IOActive's director of research and development, Chris Paget, had planned to demonstrate security weaknesses in HID's RFID technology.
And last year, a judge in Boston issued a temporary restraining order against three Massachusetts Institute of Technology students who had planned to present their findings on vulnerabilities in the Massachusetts Bay Transportation Authority's subway fare collection system. The MBTA later dropped its lawsuit, but the talk never happened.
See original article on scmagazineus.com
Juniper pulls researcher's Black Hat ATM talk
Juniper Networks has decided to scrap a presentation by one of its researchers that was set to show how a cash machine software vulnerability can be used to score free money.