ATM NFC Hack (wired.com)
97 points by r3mc0 on June 26, 2021 | 34 comments



It's not an "NFC" hack. It's a terminal hack over NFC. The first time I saw this article I thought there was something wrong in the NFC protocol or one of the NFC applications.


You might score north of $10K if you're lucky and/or hit a few.

But given all the cameras on and around an ATM this would be a quick way to living your life looking over your shoulder.


Really? Here stolen cards are used every day by people either wearing a helmet, masks, or nothing at all. They even bomb the ATMs, and never get caught. Don't trust that the police catch these guys most of the time. And don't trust banks who say they only got away with a few hundred bucks.


Unless you obscured your face with e.g. a motorcycle helmet or something.


Or a mask. But I guess you'd look really out of place wearing one of those in public. Good thing we're not in the middle of a global pandemic.


Terminator 2 ATM hacking scene, except by waving a phone.


Now I see how Obi-Wan did it. Waves hand. “These are the PIN digits you’re looking for.”


Easy money!


Yet another buffer overflow. Probably the software is written by some C/C++ developers who swear that those never occur in their code. Given the large number of security problems that have been caused by buffer overflows and similar problems, I find it very sad that any programs that need security are still written in C/C++.


Please don’t skip the prove hypothesis part when drawing conclusions. It’s at best disingenuous.


C/C++ isn't the issue, it's the lack of not using memory-safe features like smart pointers which you'll need C++ for.


While you're technically correct, you're ignoring the pragmatic truth: most developers are terrible and should never write code. Because of this reality, C/C++ and all its footguns are something to be avoided unless there is no other alternative (usually this happens when integrating with legacy software or in industries like gaming where the switching costs are extreme).


So you're saying that since we're encouraging people to flood the market with little to no skill, we should instead accommodate them with Baby's First Programming Language and then force all of the other developers to follow the same methodology?

This makes no sense. It just sounds like Go.


Not the OP but we should weed out all the incompetent folk ASAP rather than hide it to maintain delivery speed.


I completely agree.


Terrible programmers ain't nothing new though, and large corps in critical fields are aware of that and have (or had) structural mitigations (slow and heavy processes, regulations, etc.)


This is sort of true, but show me a (non-trivial) C++ program that doesn't resort to naked pointers or references at some point.

In the real world, smart pointers help a lot and are a great idea but they don't fully solve the problem in the same way that Rust or memory safe languages do.


[flagged]


Pointers kill people


“We kill people based on memory safety.” - Michael Hayden, probably


null pointers kill people


Dangling pointers kill people.


redditizing HN kills people


If you can’t be trusted to handle basic, simple non-creative tasks like managing memory and buffers you are not actually a professional programmer, though you might have convinced an employer otherwise.


By this logic no C or C++ developer in history is a professional programmer. Approximately zero non-trivial programs have been written in C or C++ without memory management problems and/or vulnerabilities.


That's an ignorant and wrong assertion, spoken with an incredible amount of confidence.

Look up software verification. There are verifiers for C.


This is misleading. Formally verifying the behaviour of any large software is a really tall task, no matter what language they are written in.


That's not what the parent comment asserted though.


Often it's the employer encouraging the programmers to cut corners.


With a lot of things I agree with this statement, but not about memory management in C.

It's the "fault" of the programmer, but the language makes it very easy to make these faults, so I'd say it's the fault of the language.


No, it’s the market.



Read the title too quickly and was hoping for an AMC NFT hack


How good would it feel to pop calc.exe on an ATM?


NFC Flaws Let Researchers Hack ATMs by Waving a Phone.. 0_o



