Big Candy Is Watching You: Facial Recognition In Vending Machines Upsets University

Most people don’t think too much of vending machines. They’re just those hulking machines that lurk around on train stations, airports and in the bowels of school and office buildings, where you can exchange far too much money for a drink or a snack. What few people are aware of is just how these vending machines have changed over the decades, to the point where they’re now collecting any shred of information on who interacts with them, down to their age and gender.

How do we know this? We have a few enterprising students at the University of Waterloo to thank. After [SquidKid47] posted a troubling error message displayed by a campus M&M vending machine on Reddit, [River Stanley] decided to investigate the situation. The resulting article was published in the February 16th edition of the university’s digital newspaper, mathNEWS.

In a bout of what the publication refers to as “Actual Journalism”, [Stanley] found that the machine in question was produced by Invenda, who in their brochure (PDF) excitedly note the many ways in which statistics like age, gender, foot traffic, session time and product demographics can be collected. This data, which includes the feed from an always-on camera, is then processed and ‘anonymized statistics’ are sent to central servers for perusal by the vending machine owner.

The good news is that this probably doesn’t mean that facial recognition and similar personalized information is stored (or sent to the big vaporous mainframe) as this would violate the GDPR and similar data privacy laws, but there is precedent of information kiosks at a mall operator taking more liberties. Although the University of Waterloo has said that these particular vending machines will be removed, there’s something uncomfortable about knowing that those previously benign vending machines are now increasingly more like the telescreens in Orwell’s Nineteen Eighty-Four. Perhaps we’re already at the point in this timeline where it’s best to assume that even vending machines are always watching and listening, to learn our most intimate snacking and drinking habits.

Thanks to [Albert Hall] for the tip.

This Vending Machine Is For The Birds

The early bird may get the worm, but [Stephen Chasey’s] birds only get to eat if they are smart. He’s created a vending machine for bird feeding. While this is a classic and simple exercise for a microcontroller, [Stephen’s] design is all op amps and 555 timers. The feeder comes on when it detects a warm body and waits for something to drop through a hole. Birds don’t have coins, so the hole will accept anything that will trigger the IR sensor within. In response, it dispenses a few peanuts. Rodents and squirrels won’t figure out the machinery, and so they can’t pilfer the peanuts meant for the pigeons — or other birds, even if they don’t start with the letter P.

A PIR sensor detects a warm body. A 555 keeps the system going for about 24 seconds after the last PIR event. Pairs of IR LEDs and phototransistors act as sensors that look through heat shrink tubing, which is, apparently, IR transparent. When a virtual coin drops through the hole, one of the sensors picks it up and starts another 555, which turns on a vibration motor. Another sensor watches for a nut to drop, which stops the motor. It also will time out after 11 seconds.


Historical Hackers: Hero Builds Vending Machines

We tend to think of mechanical contrivances as products of the industrial revolution and true automation as something computers handle. Yet even before computers, automation existed — using timing motors and cams and other mechanical contraptions. But it might surprise you to know that there was actually some sophisticated automation going way back. Really way back, invented in a world without computers, CAD software, or even electricity. For example, around 50 AD an inventor named Hero — sometimes known as Heron — built machines powered by steam and wind. His inventions included vending machines and music players.

It is hard to imagine what kind of music player or, indeed, vending machine you could build in 50 AD. Some of Hero’s inventions were used in temples to, for example, dispense holy water. Others were used in theater to do things like automatically lighting a fire or creating thunder effects. There was even an entirely automated puppet show that used knotted ropes to put on a ten-minute production with no human assistance.


Using A Vending Machine Bill Acceptor With Arduino

We’ve all seen, and occasionally wrestled with, bill acceptors like the one [Another Maker] recently liberated from an arcade machine. But have you ever had one apart to see how it works? If not, the video after the break is an interesting peek into how this ubiquitous piece of hardware tells the difference between a real bill and a piece of paper.

But [Another Maker] goes a bit farther than just showing the internals of the device. He also went through the trouble of figuring out how to talk to it with an Arduino, which makes all sorts of money-grabbing projects possible. Even if collecting paper money isn’t your kind of thing, it’s still interesting to see how this gadget works on a hardware and software level.

As explained in the video, a set of belts is used to pull the bill past an array of IR LEDs. The hardware uses these to scan the bill and perform some dark magic to determine if it’s a genuine piece of currency. [Another Maker] notes that these readers actually need to receive occasional firmware updates to take into account new bill designs. In fact, the particular unit he has is so out of date that it won’t accept modern $5 bills, which may explain how he got it for free in the first place.

Years ago we saw one of these bill acceptors used to make a DIY Bitcoin ATM. Of course back then, a few bucks would get you a semi-reasonable amount of BTC. These days you would skip the paper currency and do it all digitally.


A Mini Vending Machine To Ramp Up Your Sales

A common sight in the world of hackerspaces is an old vending machine repurposed from hawking soda cans into a one-stop shop for Arduinos or other useful components. [Gabriel D’Espindula]’s mini vending machine may have been originally designed as an exercise for his students and may not be full sized, but we can see it or machines like it taking away some of the demand for those surplus models.

Its construction mimics that of some older 3D printers in using laser-cut ply to form the components of a box. Behind a clear lockable door are the shelves containing the products, at the back of which are continuous rotation servos that will drive the spiral Archimedes screws that eject the products. To the side is a membrane keypad and display, and the whole is drawn together with an STM32 board and an Arduino. It supports both RFID card login and keyboard login, and though it’s not finished we can see it forming the basis of a very useful system.

He’s posted the most recent progress in the form of a video that we’ve placed below the break. All the various files are available for download, so should you fancy one yourself then you have a good chance of success.


Hacker Pops Top On NFC Vending Machines

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30 inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a vending machine that offered users the ability to pay from an application on their phone, he immediately got to wondering if the system could be compromised. After all, how much thought would be put into the security of a machine that basically sells flavored water? The answer, perhaps not surprisingly, is very little.

The write-up [Matteo] has put together is an outstanding case study in hacking Android applications, from pulling the .apk package off the phone to decompiling it into its principal components with programs like apktool and jadx. He even shows how you can reassemble the package and get it suitable for reinstallation on your device after fiddling around with the source code. If you’ve ever wanted a crash course on taking a peek inside of Android programs, this is a great resource.

By snooping around in the source code, [Matteo] was able to discover not only the location of the encrypted database that serves as the “wallet” for the user, but the routine that generates the encryption key. To cut a long story short, the program simply uses the phone’s IMEI as the key to get into the database. With that in hand, he was able to get into the wallet and give himself a nice stack of “coins” for the next time he hit the vending machines. Given his new-found knowledge of how the system works, he even came up with a separate Android app that allows adding credit to the user’s account on a rooted device.

In the video after the break, [Matteo] demonstrates his program by buying a soda and then bumping his credit back up to buy another. He ends his write-up by saying that he has reported his findings to the company that manufactures the vending machines, but no word on what (if any) changes they plan on making. At the end of the day, you have to wonder what the cost-benefit analysis looks like for a full security overhaul when you’re only selling sodas and bags of chips.

When he isn’t liberating carbonated beverages from their capitalistic prisons, he’s freeing peripherals from their arbitrary OS limitations. We’re starting to get a good idea about what makes this guy tick.
