Vacationing Security Researcher Exposes Austrian ATM Skimmer (carbonblack.com)
While vacationing with his family in Vienna, Ben Tedesco (from security company Carbon Black) discovered an ATM skimmer "in the wild", perfectly crafted to look like the original card reader. New submitter rmurph04 shares Ben's story: I went to grab some cash from an ATM. Being security paranoid, I repeated my typical habit of checking the card reader with my hand as I have hundreds of times. Today's the day when my security awareness paid off!
Ben's blog post includes a video demonstrating the ATM skimmer, as well as close-ups showing the device had its own control board, strip reader, and even its own battery.
A nonce-based protocol where the ATM can just ask the card what its PIN is, yes. The chip-and-pin protocols are completely broken and were designed by morons, unfortunately. See "Chip and PIN is broken" from 27C3 (https://www.youtube.com/watch?v=szgwaYajKHA) or google for more recent attacks.
Our cards have chip + strip. My credit card and my wife's debit card have both been skimmed in the past few years.
Use a magnet to wipe the magstripe... It is a Hi-Co card so the magnet needs to be relatively strong to write data to it. A hard drive magnet would do.
The magnetic strip can easily be erased by a strong magnet (e.g. a neodymium one from a broken HDD). I erased the one on my credit card myself two years ago. However, I have since discovered that there are still payment terminals in Europe, which use solely the magnetic strip. For example, the highway toll gates in Italy and France.
-Yenya
--
While Linux is larger than Emacs, at least Linux has the excuse that it has to be. --Linus
The newer ones are designed to be "installed" in the cardslot so you can't even see them. Pulling on the green thing will no longer be sufficient.
That's a great idea but an image recognition nightmare if you can't control the environment. Outdoors, between the sun moving, clouds, rain, street lights, etc., doing such side-by-side recognition to catch such a minute detail would be incredibly difficult.
In third world countries, law enforcement is very weak. In Africa mobile phone based banking is taking hold. There are typically no ATMs. But shops that sell prepaid phones also act as local tellers dispensing cash after being authenticated using cell phones. Fraud is much less common there. In most third world countries banks are very powerful and the laws favor the banks. All the fraud liability rests with the poor people who are very guarded. The only people using credit cards seriously in Africa are the naive tourists.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact