SAN FRANCISCO — A prominent hacker who discovered a way to have ATM machines spit out cash and was set to deliver a talk about hacking pacemakers and other wireless implantable medical devices died in San Francisco, authorities and his employer said.
Barnaby Jack died on Thursday, although the cause of death is still under investigation, San Francisco Deputy Coroner Kris Barbrich said. Craig Brophy, a spokesman for computer security firm IOActive, Inc., where Jack worked, confirmed his death and said the company would be issuing a statement.
Jack, who was in his mid-30s, was scheduled to speak on Aug. 1 at the Black Hat security conference in Las Vegas. The headline of his talk was, "Implantable Medical Devices: Hacking Humans," according to a synopsis on the Black Hat conference website.
Jack planned to reveal software that uses a common transmitter to scan for and "interrogate" individual medical implants, the website said.
He made headlines at the conference in 2010 when he demonstrated his ability to hack stand-alone ATMs. He was able to hack them in two ways — remotely and using physical keys that come with the machines.
He had spent years tinkering with ATM machines and found that the keys that came with his machines were the same for all ATMs of that type made by that manufacturer. He used his key to unlock a compartment in the ATM, and then used a USB slot to insert a program that commanded the ATM to dump its vaults.
In the second method, he exploited weaknesses in the way ATM makers communicate with the machines over the Internet.
"Barnaby had the ability to take complex technology and intricate research and make it tangible and accessible for everyone to learn and grow from," Black Hat said in a statement.
The conference said it will not replace Jack's talk, but instead leave the slot open so people can commemorate his life and work.
Guidelines: Please keep your comments smart and civil. Don't attack other readers personally, and keep your language decent. Comments that violate these standards, or our privacy statement or visitor's agreement, are subject to being removed and commenters are subject to being banned. To post comments, you must be a registered user on toledoblade.com. To find out more, please visit the FAQ.