It is always interesting, almost amusing, to follow what thieves can come up to steal money from ATMs, POS etc. Here one of the latest stunts described by Krebs. How is it possible that the physical security of these devices is so weak? We should be good at least in physical security, since has been around for thousands of years. It is more understandable that we have difficulty in dealing with ICT security, which is a relatively new discipline, and quite complex at that.
Lax physical security means access to hardware and the possibility to install and run what you want. This is just what happened to some ATMs in Mexico, see for example here.
It is just a reminder that logical security alone does not work. You always have to start from the hardware on which your software runs and have a comprehensive, eg. “holistic”, approach to security.