A couple of crafty 14-year-old kids from Winnipeg figured out how to get past the security on a a Bank of Montreal ATM. Crazy as it might sound, the “hack” didn’t require any advanced computer hacking at all—these kids just looked up the ATM manual on the internet.
The Edmonton Journal reports that Matthew Hewlett and Caleb Turon went online to look up the operator’s manual for the BMO ATM sitting at their local grocery store, and were able to switch the cash machine over to administrator mode by simply entering one of the default system passwords.
Luckily for the bank, the teens weren’t trying to rob the ATM or install malicious card skimming software. Instead, they reported the compromised ATM to employees at a local BMO branch. The extent of the damage they did was changing the ATM’s welcome screen to read “Go away. This ATM has been hacked.” According to the Edmonton Journal, Hewlett and Turon cooperated with the bank, but BMO hasn’t responded more broadly to inquiries about security.
The conclusion of this story makes it more amusing than terrifying, but it could have easily ended in lots of people getting ripped off. This kind of passcode idiocy persists not just in ATMs but for security systems of all kinds. If you’re using a default password anywhere, you’re basically asking for a rough time down the line.