Seriously, Is It That Easy To Skim Cards?

September 20, 2017 by 102 Comments

We’ve all heard of card skimmers, nefarious devices that steal the identity of credit and debit cards, attached to ATMs and other machines in which unsuspecting consumers use them. Often they have relied on physical extraction of data from the card itself, such as by inserting a magnetic stripe reader in a fake ATM fascia, or by using a hidden camera to catch a picture of both card and user PIN entry.

The folks at Sparkfun write about an approach they received from a law enforcement agency bearing a selection of card skimmer devices that had been installed in gasoline pumps. These didn’t rely on interception of the card itself, instead they sat as a man-in-the-middle attack in the serial line between the card reader unit and the pump electronics. Let that sink in for a minute: a serial line that is readily accessible to anyone with the pump manufacturer’s standard key, carries card data in an unencrypted form. The owner of the skimming device is the criminal, but the company leaving such a wide-open vulnerability should really be joining them in having to answer to authorities.

The Skimmer Scanner app may help keep you safe.
The Skimmer Scanner app may help keep you safe.

The device itself is quite simple and well-executed, though it appears that attachment of wires and connectors is a job left to the crook. Some boards boast excellent soldering, while others have joints that are, well, simply criminal. On the board is a PIC microcontroller, a serial Flash chip, and a commodity Bluetooth module. This last component provides the means for the miscreant to harvest their ill-gotten gains, and incidentally a handy means by which compromised pumps can be identified. The Sparkfun people have provided an Android app that interrogates any modules it encounters, and warns of any that return the signature of a skimmer.

It is sad to say that some level of crime is an inevitable feature of the human condition, and therefore it should not be an unreasonable expectation that any entity with which we trust our sensitive data such as a credit card number should take reasonable steps to ensure its security. If a bank transported customer cash through the streets as bundles of $10 bills in open handcarts it is likely that they would get into trouble very quickly, so that the pump manufacturers send card information in the clear over such a readily accessible medium should be a scandal of similar magnitude. That financial institutions prefer to cover up the problem and shift the loss onto the gas stations rather than mandate better device security from the pump manufacturers speaks volumes about their misplaced priorities.

If this topic interests you, we’ve shown you a teardown of a more traditional skimmer in the past.

Thanks [CYK] for the tip.

The Narrowing Gap Between Amateur and Professional Fabrication

September 20, 2017 by 46 Comments

The other day I saw a plastic part that was so beautiful that I had to look twice to realize it hadn’t been cast — and no, it didn’t come out of a Stratysys or anything, just a 3D printer that probably cost $1,500. It struck me that someone who had paid an artisan to make a mold and cast that part might end up spending the same amount as that 3D printer. It also struck me that the little guys are starting to catch up with the big guys.

Haz Bridgeport, Will Mill

Sometimes it’s just a matter of getting a hold of the equipment. If you need a Bridgeport mill for your project, and you don’t have one, you have to pay for someone else to make the thing — no matter how simple. You’re paying for the operator’s education and expertise, as well as helping pay for the maintenance and support of the hardware and the shop it’s housed in.

I once worked in a packaging shop, and around 2004 we got in a prototype to use in developing the product box. This prototype was 3D printed and I was told it cost $12,000 to make. For the era it was mind blowing. The part itself was simplistic and few folks on Thingiverse circa 2017 would be impressed; the print quality was roughly on par with a Makerbot Cupcake. But because the company didn’t have a 3D printer, they had to pay someone who owned one a ton of cash to make the thing they wanted.

Unparalleled Access to Formerly Professional-Only Tools

But access to high end tools has never been easier. Hackerspaces and tool libraries alone have revolutionized what it means to have access to those machines. There are four or five Bridgeports (or similar vertical mills) at my hackerspace and I believe they were all donated. For the cost of membership, plus the time to get trained in and checked out, you can mill that part for cheap. Repeat with above-average 3D printers, CNC mills, vinyl cutters, lasers. The space’s South Bend lathe (pictured) is another example of the stuff most people don’t have in their basement shops. This group ownership model may not necessarily grant you the same gear as the pros, but sometimes it’s pretty close.
Continue reading “The Narrowing Gap Between Amateur and Professional Fabrication”

Knitting ALUs (and Flipdots)

September 20, 2017 by 5 Comments

[Irene Posch] is big into knitted fabric circuits. And while most of the textile circuits that we’ve seen are content with simply conducting enough juice to light an LED, [Irene]’s sights are set on knittable crafted arithmetic logic units (ALUs). While we usually think of transistors as the fundamental building-blocks of logic circuits, [Irene] has developed what is essentially a knit crochet relay. Be sure to watch the video after the break to see it in construction and in action.

The basic construction is a coil of conductive thread that forms an electromagnet, and a magnetic bead suspended on an axle so that it can turn in response to the field. To create a relay, a flap of knit conductive thread is attached to the bead, which serves as the pole for what’s essentially a fabric-based SPDT switch. If you’ve been following any of our relay-logic posts, you’ll know that once you’ve got a relay, the next step to a functioning computer is a lot of repetition.

How does [Irene] plan to display the results of a computation? On knit-and-bead flipdot displays, naturally. Combining the same electromagnet and bead arrangement with beads that are painted white on one side and black on the other yields a human-readable one-bit display. We have an unnatural affinity for flipdot displays, and making the whole thing out of fabric-store components definitely flips our bits.

Anyway, [Irene Posch] is a textile-tech artist who you should definitely be following if you have any interest in knittable computers. Have you seen anything else like this? Thanks [Melissa] for the awesome tip!

Continue reading “Knitting ALUs (and Flipdots)”

Cronk The Gonk Droid

September 20, 2017 by 7 Comments

The ‘Gonk’ droids from the Star Wars universe are easy to overlook, but serve the important function of mobile power generators. Here on Earth, [bithead942]’s life-size replica droid fulfills much the same purpose.

Cronk — functionally an oversized USB charging hub with a lot of bells and whistles — is remotely controlled by a modified Wii Nunchuck very controller similar to the one [bithead942] used to control his R2-D2. With the help of an Adafruit Audio FX Mini, an Adafruit Class D 20W amp, and two four-inch speakers, the droid can rattle off some sound effects as it blows off some steam(really, an inverted CO2 duster). An Arduino Mega acts as Cronk’s brain while its body is sculpted from cast-able urethane foam for its light weight and rigidity. It also houses a FPV camera, mic, and DVR so it can be operated effectively from afar.

And, it can dance!

Continue reading “Cronk The Gonk Droid”

Field Expedient Quenches Your Thirst for a Soldering Station

September 19, 2017 by 21 Comments

In the category of first world problems, it seems that these days no one is happy with just a plain old soldering iron. Today, everyone wants a station with bells, whistles, and features. If all you have is the iron, take heart. Grab a soda, drink it, and then duplicate [Kalvin178’s] makeshift solder station.

The idea is simple: cut or tear a soda can and press in the sides to make a V-shaped holder for the iron. A smaller part of the can might hold a wet paper towel, a sponge, or some copper scrubbing pads to clean your tip.

Continue reading “Field Expedient Quenches Your Thirst for a Soldering Station”

Need a Night-Light?

September 19, 2017 by 34 Comments

[Scott] created an LED candle in preparation for the big mac daddy storm (storms?) coming through.  Like millions of other people in Florida, he was stuck at home with his roommates when an oncoming hurricane headed their way.  Worrying about blundering about in the dark when the power inevitably went out, they set off to gather up all of the candles they had lying around.  Realizing the monstrous pile of candles and matches looked more and more like a death wish, the decision was made to create a makeshift light out of what components they had on hand.  Now, not having access to any outside sources for parts means that you are going to have a bare bones model.

That being said, this straightforward light only takes a couple of seconds to put together.  Jury rig a couple of AA or AAA batteries up, then slap on a resistor, LED, and jumper to get that sucker running.  Wrap electrical tape around the whole thing, or even try duct tape, whatever gets the job done.  A little paper hat on top of it will diffuse the light and bada bing, bada boom, you’re all done.  Generally though, soldering directly onto a battery is not a wise idea.  So, if you want to get fancy, perhaps a better alternative is to have a battery casing as shown below.

This LED candle is a clear option if your home isn’t a micro warehouse for electronic components (apparently it is frowned upon to clog up your garage for projects), and you have limited time.  However, if you have a number of extra minutes lying around before your windows blow in, see if you can top the brightest flashlight ever made (thus far).  Continue reading “Need a Night-Light?”

Wind Chimes and Dry Ice Make an Unusual Musical Instrument

September 19, 2017 by 23 Comments

When it comes to making music, there are really only a few ways to create the tones needed — pluck something, blow into something, or hit something. But where does that leave this dry-ice powered organ that recreates tunes with wind chimes and blocks of solid CO2?

It turns out this is firmly in the “hit something” camp, as [Leah Edwards] explains of her project. When the metal wind chime tubes come in contact with dry ice, the temperature difference sublimates the solid CO2. The puff of gas lifts the tube slightly, letting it fall back against the brick of dry ice and making a tone. The process is repeated rapidly, providing a vibrato effect while the tube is down. [Leah] used solenoids to lift the tubes and, having recently completed a stint at National Instruments, a bunch of NI gear to control them. The videos below show a few popular tunes and a little bit about the organ build. But what — no songs from Frozen?

We can easily imagine this same build using an Arduino or some other microcontroller. In fact, it puts us in mind of a recent reed organ MIDI project that has a few ideas to offer, like ways to quiet those solenoids.  Continue reading “Wind Chimes and Dry Ice Make an Unusual Musical Instrument”