ATM Skimming

Networking/Security Forums -> Physical Security and Social Engineering

Author: cwggenius PostPosted: Fri Apr 21, 2006 4:51 pm    Post subject: ATM Skimming
I am not sure who in here is familiar with ATM skimming. Where some one basically some on attaches a device to a legitmate ATM's card reader. The device attached will read the stripe information from any card swiped and transfer the information to a near by attacker using some sort of wireless medium. Also attached to the ATM is a hidden cam to capture the pin as it is entered. From what I hear this is very popular in some countries and becoming more popular here in the states. My question is this. Does anyone have a clue as to what type of wireless protocol is being used to transmit the card information to the attacker. (Ex. 802.11). Has anyone heard of any mitigating factors to prevent this?Thanks for your help.

Author: M3DU54Location: Las Palmas de Gran Canaria PostPosted: Fri Apr 21, 2006 10:13 pm    Post subject: Re: ATM Skimming
I actually published an article warning about the ease of ATM skimming before it even became an issue. I posted it on a few dialup BBS'es back in the day and I believe I echoed an similar but abridged article on the old 'secureroot' site.

Of course, now that it is being done illegally I don't know if it is something that we should be covering in too much detail - try to track down a copy of the original articles.

As regards your specific questions...

No, 802.11 is generally too large and tends towards being very expensive on battery. You could do it if you bring the gain right down on the card but thats a bit of an art in itself... unless you're used to SMT. Even on the prebuilt modules.

The old method...

My article postulated a single frequency in the now ISM band for the card bezel and another for the keypad bezel... Both were analogue (yeah, I know - but this is old news) .... the keypad was for anti-vandal types and used a press-through flexible environmental keypad of the required dimensions.

I fed the keypad to a DTMF encoder then straight into the RF module which happily chirped DTMF each time it was used... Of course, the RF was slept until a keypress and you lost the first 150ms or so due to the carrier settling time... but it was adequate and all the electronics fitted will inside a decent thick bezel.

The bezel for the card slot was modified using plastic from a second bezel to create a slight bump above and below the magstripe ... only the lower one was used and housed a read heads from a stereo micro-cassette player... you get enough timing information from the two sides to reconstruct the card data and timing, even though the initial insertion is quite fast... then slow (or stopped) then medium_constant... anything you miss on the way in due to the lack of a mechanical feeder is gathered on the way out when the reverse is true... So, between the foreswipe and the backswipe you have a good clean constant image of the whole card.

Preparing a study on the subject these days? Look at perhaps bluetooth and a small FPGA... you can read the strip, check it, encode it with redundancy and error correction and store it... Later, a walkpast with a modded cellular phone can download the entire days take without suspicion.

Since there is no physical link between the PIN collector and the Stripe reader you might want the pin collector to notify the stripe collector and store the results together in the one device for retrieval ... failing this, some people place a miniature camera for capturing the PIN.

Sorry, no schematics... no code... nothing more. I think anything further than discussing the general technique could be construed as bad judgement at best and incitement or criminal conspiracy at worst.



Author: secureatm PostPosted: Fri Oct 30, 2009 12:25 pm    Post subject:
I am new to this forum and your blog looks very interesting to me. I hope I enjoy my stay here for long time and I can gain much knowledge about atmsecurity

Author: wikecamera PostPosted: Wed Oct 20, 2010 10:29 am    Post subject:
I want to ask the same question,

Networking/Security Forums -> Physical Security and Social Engineering

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group