Seriously, Is It That Easy To Skim Cards?

We’ve all heard of card skimmers, nefarious devices that steal the identity of credit and debit cards, attached to ATMs and other machines in which unsuspecting consumers use their cards. Often they have relied on physical extraction of data from the card itself, such as by inserting a magnetic stripe reader in a fake ATM fascia, or by using a hidden camera to catch a picture of both card and user PIN entry.

The folks at Sparkfun write about an approach they received from a law enforcement agency bearing a selection of card skimmer devices that had been installed in gasoline pumps. These didn’t rely on interception of the card itself; instead they sat as a man-in-the-middle in the serial line between the card reader unit and the pump electronics. Let that sink in for a minute: a serial line that is readily accessible to anyone with the pump manufacturer’s standard key carries card data in an unencrypted form. The owner of the skimming device is the criminal, but the company leaving such a wide-open vulnerability should really be joining them in having to answer to authorities.

The Skimmer Scanner app may help keep you safe.

The device itself is quite simple and well-executed, though it appears that attachment of wires and connectors is a job left to the crook. Some boards boast excellent soldering, while others have joints that are, well, simply criminal. On the board is a PIC microcontroller, a serial Flash chip, and a commodity Bluetooth module. This last component provides the means for the miscreant to harvest their ill-gotten gains, and incidentally a handy means by which compromised pumps can be identified. The Sparkfun people have provided an Android app that interrogates any modules it encounters, and warns of any that return the signature of a skimmer.

It is sad to say that some level of crime is an inevitable feature of the human condition, and therefore it should not be an unreasonable expectation that any entity with which we trust our sensitive data such as a credit card number should take reasonable steps to ensure its security. If a bank transported customer cash through the streets as bundles of $10 bills in open handcarts it is likely that they would get into trouble very quickly, so that the pump manufacturers send card information in the clear over such a readily accessible medium should be a scandal of similar magnitude. That financial institutions prefer to cover up the problem and shift the loss onto the gas stations rather than mandate better device security from the pump manufacturers speaks volumes about their misplaced priorities.

If this topic interests you, we’ve shown you a teardown of a more traditional skimmer in the past.

Thanks [CYK] for the tip.

There Is No Such Thing As An Invalid Unit

The Mars Climate Orbiter was a spacecraft launched in the closing years of the 1990s, whose job was to have been to study the Martian atmosphere and serve as a communications relay point for a series of other surface missions. It is famous not for its mission achieving these goals, but for the manner of its premature destruction as its orbital insertion brought it too close to the planet’s atmosphere and destroyed it.

The ill-fated Mars Climate Orbiter craft. NASA [Public domain].
The cause of the spacecraft entering the atmosphere rather than orbiting the planet was found in a subsequent investigation to be a very simple one. Simplifying matters to an extent, a private contractor supplied a subsystem which delivered a reading whose units were in the imperial system, to another subsystem expecting units in the SI, or metric system. The resulting huge discrepancy caused the craft to steer towards the surface of the planet rather than the intended orbit, and caused the mission to come to a premature end. Billions of dollars lost, substantially red faces among the engineers responsible.

This unit cock-up gave metric-using engineers the world over a brief chance to feel smug, as well as, if they were being honest, a chance to reflect on their good fortune at it not having happened on their watch. We will all at some time or another have made an error with respect to our unit calculations, even though in most cases it’s more likely to have involved a simple loss of a factor of ten, and not with respect to a billion dollar piece of space hardware.

But it also touches on one of those fundamental divides in the world between the metric and imperial systems. It’s a divide that brings together threads of age, politics, geography, nationalism, and personal choice, and though it may be somewhere angels fear to tread (we’ve seen it get quite heated before to the tune of 885+ comments), it provides a fascinating subject for anyone with an interest in engineering culture.


London Calling: The Hackaday UK Unconference Roundup

A trip to London, for provincial Brits, is something of an undertaking from which you invariably emerge tired and slightly grimy following your encounter with the cramped mobile sauna of the Central Line, its meandering international sightseers, and stampede of besuited commuters heading for the City. Often your fatigue after such an expedition will be that following the completion of a Herculean labour, but just sometimes it will instead be the contented tiredness of a fulfilling and busy time well spent.

Such will be the state of the happy band of the Hackaday community who made it to London this weekend for our UK unconference held in association with our sponsor, DesignSpark. A Friday night bring-a-hack social in a comfortable Bloomsbury pub, followed by Saturday in an auditorium next to one of the former Surrey Commercial Docks for a day of back-to-back seven-minute talks laying out the varied and interesting work our readers are involved in.


The World’s Thinnest Raspberry Pi 3

We’ve become used to readily available single board computers of significant power in form factors that would have seemed impossibly small only a few years ago. But even with a board the size of a credit card such as a Raspberry Pi, there are still moments when the available space is just too small to fit the computer.

The solution resorted to by enterprising hardware hackers is often to remove extraneous components from the board. If there is no need for a full-size USB port or an Ethernet jack, for example, they can safely be taken away. And since sometimes these attempts result in the unintended destruction of the board, yonder pirates at Pimoroni have taken viewers of their Bilge Tank series of videos through the procedure, creating in the process what they describe as “The World’s Thinnest Raspberry Pi 3“.

The USB and Ethernet ports, as large through-hole components, were the easiest to tackle. Some snipping and snapping removed the tinware and plastic, then the remains could be hand-desoldered. The GPIO pins resisted attempts to remove their plastic for easy desoldering, so for them they had to resort to a hot air gun. Then for the remaining camera, HDMI, and display ports the only option was hot air. Some cleaning up with desoldering braid, and they had their super-thin Pi. They weren’t quite done though: they then took the reader through modifying a Raspbian Lite distribution to deactivate support for those components that have been removed. This has the handy effect not only of freeing up computer resources, it also saves some power consumption.

You might point out that they could have just used a Pi Zero, which with its SD card on the top surface is even a little bit thinner. And aside from the question of extra computing power, you’d be right. But their point is valid, that people are doing this and not always achieving a good result, so their presenting it as a HOWTO is a useful contribution. We suspect that a super-thin Pi 3 will still require attention to heat management though.

Take a look at the video, we’ve put it below the break.


Retrotechtacular: Information From The Days When Colour TV Was New

By the time colour TV came to the United Kingdom, it was old news to Americans. Most of the viewing public on the Western side of the Atlantic had had the opportunity to see more than black-and-white images for years when in 1967 the BBC started transmitting its first colour channel, BBC2.

For Americans and continental Europeans, the arrival of colour TV had been an incremental process, in which the colour subcarrier had been added to their existing transmission standard. Marketed as “compatible color” to Americans, this ensured that their existing black-and-white TV sets had no need for replacement as the new transmissions started.

The United Kingdom by contrast had been one of the first countries in the world to adopt a television standard in the 1930s, so its VHF 405-line positive-modulation black-and-white services stood alone and looked extremely dated three decades later. The BBC had performed experiments using modified round-CRT American sets to test the feasibility of inserting an NTSC colour subcarrier into a 405-line signal, but had eventually admitted defeat and opted for the Continental 625-line system with the German PAL colour encoding. This delivered colour TV at visibly better quality than the American NTSC system, but at the expense of a 15-year process of switching off all 405-line transmitters, replacing all 405-line sets, and installing new antennas for all viewers for the new UHF transmissions.

Such a significant upgrade must have placed a burden upon the TV repair and maintenance trade, because as part of the roll-out of the new standard the BBC produced and transmitted a series of short instructional animated films about the unfamiliar technology, which we’ve placed below the break. The engineer is taken through the signal problems affecting UHF transmissions, during which we’re reminded just how narrow bandwidth those early UHF Yagis must have been, then we are introduced to the shadowmask tube and all its faults. The dreaded convergence is introduced, as these were the days before precision pre-aligned CRTs, and we briefly see an early version of the iconic Test Card F. Finally we are shown the basic procedure for achieving the correct white balance. There is a passing reference to dual-standard sets, as if convergence for colour transmissions wasn’t enough of a nightmare a lot of the early colour sets incorporated a bank of switches on their PCB to select 405-line or 625-line modes. The hapless engineer would have to set up the convergence for both signals, something that must have tried their patience.

The final sequence looks at the hand-over of the new set to the customer. In an era in which we are used to consumer electronics with fantastic reliability we would not be happy at all with a PAL set from 1967. They were as new to the manufacturers as they were to the consumers, so the first generation of appliances could hardly have been described as reliable. The smiling woman in the animated film would certainly have needed to call the engineer again more than once to fix her new status symbol.


The Things Network Sets 702 Km Distance Record For LoRaWAN

Many of us will have at some time over the last couple of years bought a LoRaWAN module or two to evaluate the low power freely accessible wireless networking technology. Some have produced exciting and innovative projects using them while maybe the rest of us still have them on our benches as reminders of projects half-completed.

If your LoRaWAN deployment made it on-air, you’ll be familiar with the range that can be expected. A mile or two with little omnidirectional antennas if you are lucky. A few more miles if you reach for something with a bit of directionality. Add some elevation, and range increases.

A couple of weeks ago at an alternative society festival in the Netherlands, a balloon was launched with a LoRaWAN payload on board that was later found to have made what is believed to be a new distance record for successful reception of a LoRaWAN packet. While the balloon was at an altitude of 38.772 km (about 127204.7 feet) somewhere close to the border between Germany and the Netherlands, it was spotted by a The Things Network node in Wroclaw, Poland, at a distance of 702.676km, or about 436 miles. The Things Network is an open source, community driven effort that has built a worldwide LoRaWAN network.

Of course, a free-space distance record for a balloon near the edge of space might sound very cool and all that, but it’s not going to be of much relevance when you are wrestling with the challenge of getting sensor data through suburbia. But it does provide an interesting demonstration of the capabilities of LoRaWAN over some other similar technologies: if a 25mW (14dBm) transmitter can successfully send a packet over that distance then perhaps it might be your best choice in the urban jungle.

If you’re curious about LoRaWAN, you might want to start closer to home and sniff for local activity.

If You’re Going To Make A Model Engine, You Might As Well Make It A Merlin

It has been remarked before in more than one Hackaday post that there are many communities like our own that exist in isolation and contain within them an astonishing level of hardware and engineering ability. We simply don’t see all the work done by the more engineering-driven and less accessory-driven end of the car modification scene, for example, because by and large we do not move in the same circles as them.

One such community in which projects displaying incredible levels of skill are the norm is the model making world. We may all have glued together a plastic kit of a Spitfire or a Mustang in our youth, but at the opposite end of the dial when it comes to models you will find craftsmanship that goes well beyond that you’d find in many high-end machine shops.

A project that demonstrates this in spades is [mayhugh1]’s quarter-scale model of a vintage Rolls-Royce Merlin V12 piston aero engine. This was the power plant that you would have found in many iconic Allied aircraft of the WW2 era, including the real-life Spitfires and all but the earliest of those Mustangs. And what makes the quarter-scale Merlin just that little bit more special, is that it runs. Just add fuel.

The build took place over a few years and many pages of a forum thread, and includes multiple blow-by-blow accounts, photos, and videos. It started with a set of commercial castings for the engine block, but their finishing and the manufacture of all other engine parts is done in the shop. In the final page or so we see the video we’ve placed below the break, of the finished engine in a test frame being run up on the bench, with a somewhat frightening unguarded airscrew attached to its front and waiting to decapitate an unwary cameraman. Sit down with a cup of your favourite beverage, and read the build from start to finish. We don’t think you’ll be disappointed.
