An interesting design failure
Posted by Pete McBreen 09 Oct 2006 at 12:48
Bruce Schneier poinmted to an interesting failure mode for ATMs. Given that the ATM is a case study in the Use Case Course this is one failure mode we did not consider.
- The man then punched a series of numbers on the machine’s keypad, breaking the security code. The ATM was programmed to disburse $20 bills. The man reprogrammed the machine so it recorded each $20 bill as a $5 debit to his account.
It seems thatthere is a default password to allow the installers to program the machines.
I thought by now we would have learned NOT to have default passwords on systems.