SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
3 Mar 2017

New skimmers fit right on top of chip and PIN credit card scanners

As usual Mr. Krebs has some great images of a credit card skimmer found in the wild.

This model uses Samsung phone parts and lays right over the Ingenico card scanners you’ve probably seen in stores. The interesting thing is that these scanners also support chip and PIN technology but, as evidenced by the photo, it looks like the retailer disabled it essentially sending the scanner back into the 1970s and allowed the skimmer unfettered access.

Two things are going on here. First, chip and PIN scanners are ostensibly safer and therefore card skimmers have to work harder to get the goods. The particular model is quite realistic and automatically dumps data to a nearby Bluetooth device. It is too thin to have onboard storage but the retailer could not find a target device where the credit card numbers would end up. In short you could slip this on the card machine and no one would be the wiser. There isn’t even a clear record of where the data goes.

Wrote Krebs:

According to my retail source who shared these pictures, the overlay skimmers used parts cannibalized from Samsung smart phones. The source said the devices placed themselves in a mode to transmit stolen card data and PINs as soon as they were turned off and back on again. Investigators also discovered that they could connect via Bluetooth to the skimming devices by entering the PIN “2016” on a Bluetooth-enabled wireless device.
However, the source said none of the overlay skimmers they found appeared to have any on-board data storage, suggesting the thieves had planted a second wireless device somewhere in or near the store and were hoovering up card and PIN data via Bluetooth in real time. Or, perhaps the crooks were simply sitting outside the store in the parking lot, using a laptop and high-gain antenna to pull down card and PIN data.

However this could also mean that the skimmers are getting desperate. At this point to grab credit cards the old fashioned way a few things need to happen but primarily the skimmer can’t allow users to pay with their phones (ostensibly safer) or their chipped card (ostensibly also safer although I’d like to see the technology in a few years). The escalation took a long time – decades, in fact – but it looks like credit card companies might have reached a stalemate with thieves.

For some reason I really like skimmers. I recall a Bruce Sterling video in which he noted that ATMs are like evolved turtles, intentionally designed in every way to avoid human tampering. These skimmers – simple pieces of plastic with a few electronics inside made by industrious if messy electronics experts – can defeat them in an instant. Life, as they say, finds a way.

Tags:
Samsung information leaks
Source:
TechCrunch
1811
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015