Skimmer Scanner, a start to protecting yourself at the pump
Subject: General Tech | September 25, 2017 - 01:12 PM | Jeremy Hellstrom
Tagged: skimmer scanner, security, bluetooth
If you haven't seen the lengths to which scammers will go when modifying ATMs to steal your bank info, you should really take a look at these pictures and get in the habit of yanking on the ATM's fascia and keyboard before using them. Unfortunately, as Hack a Day posted last week, the bank is not the only place you have to be cautious; paying at the pump can also expose your details. In this case it is not a fake front which you need to worry about. Instead, a small PIC microcontroller is attached to the serial connection between the card reader and the pump computer, so it can read the unencrypted PIN and card data and store the result in an EEPROM device for later collection. The device often has Bluetooth connectivity so that the scammers don't need to drive right up to the pump frequently.
There is an app on Google Play that might be able to help stop this: it detects Bluetooth devices utilizing the standard codes the skimmers use and alerts you. You can then tweet out the location of the compromised pump to alert others, and hopefully let the station owner and authorities know as well. The app could be improved with automatic reporting and other tools, so check it out and see if you can help improve it, as well as keeping your PIN and account safe when fuelling up.
"It would be nice to think that this work might draw attention to the shocking lack of security in gas pumps that facilitates the skimmers, disrupt the finances of a few villains, and even result in some of them getting a free ride in a police car. We can hope, anyway."