
Some backstory that isn't in this article: Barnaby Jack (who goes all the way back to the original eEye research team in the late '90s/early '00s) did this ATM research while working as a researcher for Juniper Networks. I believe the original vendor he targeted was Tranax; they make the crappy free-standing ATMs you see in bodegas†.

Jack notified the vendor and (obviously) got his talk accepted and announced at Black Hat. The vendor complained to Juniper, and Juniper had the talk pulled††. Jack left Juniper for IOActive and gave the talk the following year. Last time I checked, I believe he was at McAfee.

Funny thing about Tranax: they managed to let Google crawl their maintenance manual a couple years ago, and the manual had their default maintenance code in it; a huge number of ATMs were found to be running with that default password, which allowed people to re-denominate the bills in the machine.

†† This was probably a reasonable call, because Juniper has billions of dollars to lose to a negligence suit brought by an ATM company.


