Card Reader Lockout Keeps Unauthorized Tool Users At Bay

It’s a problem common to every hackerspace, university machine shop, or even the home shops of parents with serious control issues: how do you make sure that only trained personnel are running the machines? There are all kinds of ways to tackle the problem, but why not throw a little tech at it with something like this magnetic card-reader machine lockout?

[OnyxEpoch] does not reveal which of the above categories he falls into, if any, but we’ll go out on a limb and guess that it’s a hackerspace because it would work really well in such an environment. Built into a sturdy steel enclosure, the guts are pretty simple — an Arduino Uno with shields for USB, an SD card, and a data logger, along with an LCD display and various buttons and switches. The heart of the thing is a USB magnetic card reader, mounted to the front of the enclosure.

To unlock the machine, a user swipes his or her card, and if an administrator has previously added them to the list, a relay powers the tool up. There’s a key switch for local override, of course, and an administrative mode for programming at the point of use. Tool use is logged by date, time, and user, which should make it easy to identify mess-makers and other scofflaws.

We find it impressively complete, but imagine having a session timeout in the middle of a machine operation would be annoying at the least, and potentially dangerous at worst. Maybe the solution is a very visible alert as the timeout approaches — a cherry top would do the trick!

There’s more reading if you’re seeking good ideas for a hackerspace. We’ve covered the basics of hackerspace safety before, as well as insurance for hackerspaces.


Seriously, Is It That Easy To Skim Cards?

We’ve all heard of card skimmers, nefarious devices that steal the identity of credit and debit cards, attached to ATMs and other machines where unsuspecting consumers use their cards. Often they have relied on physical extraction of data from the card itself, such as by inserting a magnetic stripe reader in a fake ATM fascia, or by using a hidden camera to catch a picture of both card and user PIN entry.

The folks at Sparkfun write about an approach they received from a law enforcement agency bearing a selection of card skimmer devices that had been installed in gasoline pumps. These didn’t rely on interception of the card itself; instead they sat as a man-in-the-middle attack in the serial line between the card reader unit and the pump electronics. Let that sink in for a minute: a serial line that is readily accessible to anyone with the pump manufacturer’s standard key carries card data in an unencrypted form. The owner of the skimming device is the criminal, but the company leaving such a wide-open vulnerability should really be joining them in having to answer to authorities.

The Skimmer Scanner app may help keep you safe.

The device itself is quite simple and well-executed, though it appears that attachment of wires and connectors is a job left to the crook. Some boards boast excellent soldering, while others have joints that are, well, simply criminal. On the board is a PIC microcontroller, a serial Flash chip, and a commodity Bluetooth module. This last component provides the means for the miscreant to harvest their ill-gotten gains, and incidentally a handy means by which compromised pumps can be identified. The Sparkfun people have provided an Android app that interrogates any modules it encounters, and warns of any that return the signature of a skimmer.

It is sad to say that some level of crime is an inevitable feature of the human condition, and therefore it should not be an unreasonable expectation that any entity with which we trust our sensitive data such as a credit card number should take reasonable steps to ensure its security. If a bank transported customer cash through the streets as bundles of $10 bills in open handcarts it is likely that they would get into trouble very quickly, so that the pump manufacturers send card information in the clear over such a readily accessible medium should be a scandal of similar magnitude. That financial institutions prefer to cover up the problem and shift the loss onto the gas stations rather than mandate better device security from the pump manufacturers speaks volumes about their misplaced priorities.

If this topic interests you, we’ve shown you a teardown of a more traditional skimmer in the past.

Thanks [CYK] for the tip.

Toshiro Kodera: Electromagnetic Gyrotropes

We’ve learned a lot by watching the talks from the Hackaday Superconferences. Still, it’s a rare occurrence to learn something totally new. Microwave engineer, professor, and mad hacker [Toshiro Kodera] gave a talk on some current research that he’s doing: replacing natural magnetic gyrotropic material with engineered metamaterials in order to make two-way beam steering antennas and more.

If you already fully understood that last sentence, you may not learn as much from [Toshiro]’s talk as we did. If you’re at all interested in strange radio-frequency phenomena, neat material properties, or are just curious, don your physics wizard’s hat and watch his presentation. Just below the video, we’ll attempt to give you the Cliff’s Notes.


SIM Card Connectors And White PCBs Make Huge LED Snowflakes Happen

[Mike Harrison] talked about designing and building a huge scale LED lighting installation in which PCBs were used as both electrical and mechanical elements, and presented at Electromagnetic Field 2016. The project involved 84,000 RGBW LEDs, 14,000 microcontrollers and 25,000 PCBs. It had some different problems to solve compared to small jobs, but [Mike] shared techniques that could be equally applied to smaller scale projects or applications. He goes into detail on designing for manufacture and assembly, sourcing the parts, and building the units on-site.

The installation itself was a snowflake display for a high-end shopping mall in Hong Kong in the 2015 Christmas season. [Mike] wanted a small number of modular boards that could be connected together on-site to make up the right shapes. In an effort to minimize the kinds of manufacturing and parts needed, he ended up using modular white PCBs as structural elements as well as electrical. With the exception of some minor hardware like steel wire supports, no part of the huge snowflakes required anything outside of usual PCB manufacturing processes to make. The fewer suppliers, the fewer potential problems. [Mike] goes into design detail at 6:28 in the video.

For the connections between the boards, he ended up using SIM card connectors intended for cell phones. Some testing led to choosing a connector that matched up well with the thickness of a 1.6mm PCB used as a spacer. About 28,000 of them were used, and for a while in 2015 it was very hard to get a hold of that particular part, because they had cleaned everyone out!

Punch Cards

Before the Commodore 64, the IBM PC, and even the Apple I, most computers took input data from a type of non-magnetic storage medium that is rarely used today: the punched card. These pieces of cardstock held programs, data, and pretty much everything used to run computers in the before-time. But with all of that paper floating around, how did a programmer or user keep up with everything? Enter the punch card sorter and [Ken Shirriff]’s eloquent explanation of how these machines operate.

Card sorters work by reading information on the punched card and shuffling the cards into a series of stacks. As [Ken] explains, the cards can be run through the machine multiple times if they need to be sorted into more groups than the machine can manage during one run, using a radix sort algorithm.

The card reader that [Ken] examines in detail uses vacuum tubes and relays to handle memory and logic operations. This particular specimen is more than half a century old, rather robust, and a perfect piece for the Computer History Museum in Mountain View.

It’s always interesting to go back and examine (mostly) obsolete technology. There are often some things that get lost in the shuffle (so to speak). Even today, punched cards live on in the automation world, where they’re still an efficient way of programming various robots and other equipment. Another place that they live on is in voting machines in jurisdictions where physical votes must be cast. Hanging chads, anyone?


Reverse Engineering An ATM Card Skimmer

While vacationing in Bali, [Matt South] walked into a nice, secure, air-conditioned cubicle housing an ATM. Knowing card skimmers are the bane of every traveller, [Matt] did the sensible thing and jiggled the card reader and the guard that hides your PIN when punching it into the numeric keypad. [Matt] found the PIN pad shield came off very easily and was soon the rightful owner of a block of injection molded plastic, a tiny camera, and a few bits of electronics.

The first thing that tipped [Matt] off to the existence of electronics in this brick of plastic was a single switch and a port with four contacts. These four pins could be anything, but guessing it was USB [Matt] eventually had access to a drive filled with 11GB of video taken from inside this PIN pad shield.

An investigation of the videos and the subsequent teardown of the device itself revealed exactly what you would expect. A tiny pinhole camera, probably taken from a ‘spy camera’ device, takes video whenever movement is detected. Oddly, there’s an audio track to these videos, but [Matt] says that makes sense; the scammers can hear the beeps made by the ATM with every keypress and correlate them to each button pressed.

Of course, the black hats behind this skimmer need two things: the card number, and the PIN. This tiny spy cam only gets the PIN, and there wasn’t a device over or in the card slot in the ATM. How did the scammers get the card number, then? Most likely, the thieves are getting the card number by sniffing the ATM’s connection to the outside world. It’s a bit more complex than sticking a magnetic card reader over the ATM’s card slot, but it’s harder to detect.

3D Carver Makes Magnetic Fields Visible

The history of science is full of examples when a 3D physical model led to a big discovery. But modelling something that’s actually invisible can be tough. Take magnetic fields – iron filings on a card will give you a 2D model, but a 3D visualization of the field would be much more revealing. For that job, this magnetic field following 3D carving machine is just the thing.

What started out as a rapid prototyping session with servos and hot glue ended up as a quick and dirty 3D carving rig for [Frits Lyneborg]. The video shows his thought progression and details how he went from hot glue and sticks to LEGO Technics parts and eventually onto Makerbeam extrusions for the frame of his carver. A probe with a Hall effect sensor is coupled to a motor spinning a bit that cuts into a block of floral foam. A microcontroller keeps the Hall sensor a more or less fixed distance from a rare-earth magnet, resulting in a 3D model of the magnetic field in the foam, as well as a mess of foam nubbles. Despite a few artifacts due to in-flight adjustments of the rig, the field presents clearly in the block as two large lobes.

Carving foam isn’t the only way to visualize a magnetic field in three dimensions, of course. If you’d rather have a light show based on the local magnetic field, try this 3D compass build we covered a while back.
