
Hackaday Links: June 27, 2021

When asked why he robbed banks, career criminal Willie Sutton is reported to have said, “Because that’s where the money is.” It turns out that a reporter made up the quote, but it’s a truism that offers by extension insight into why ATMs and point-of-sale terminals are such a fat target for criminals today. There’s something far more valuable to be taken from ATMs than cash, though — data, in the form of credit and debit card numbers. And taking a look at some of the hardware used by criminals to get this information reveals some pretty sophisticated engineering. We’d heard of ATM “skimmers” before, but never the related “shimmers” that are now popping up, at least according to this interesting article on Krebs.

While skimmers target the magnetic stripe on the back of a card, shimmers are aimed at reading the data from card chips instead. Shimmers are usually built on flex PCBs and are inserted into the card slot, where traces on the device make contact with the chip reader contacts. The article describes a sophisticated version of shimmer that steals power from the ATM itself, rather than requiring a separate battery. The shimmer sits inside the card slot, completely invisible to external inspection (sorry, Tom), and performs what amounts to man-in-the-middle attacks. Card numbers are either stored on the flash and read after the device is retrieved, or are read over a Bluetooth connection; PINs are stolen with the traditional hidden camera method. While we certainly don’t condone criminal behavior, sometimes you just can’t help but admire the ingenuity thieves apply to their craft.

In a bit of foreshadowing into how weird 2020 was going to be, back in January of that year we mentioned reports of swarms of mysterious UAVs moving in formation at night across the midwest United States. We never heard much else about this — attention shifted to other matters shortly thereafter — but now there are reports out of Arizona of a “super-drone” that can outrun law enforcement helicopters. The incidents allegedly occurred early this year, when a Border Patrol helicopter pilot reported almost colliding with a large unmanned aerial system (UAS) over Tucson, and then engaged it in a 70-mile chase at speeds over 100 knots. The chase was joined by a Tucson police helicopter, with the UAS reaching altitudes of 14,000 feet at one point. The pilots didn’t manage to get a good look at it, describing it only as having a single green light on its underside. The range on the drone was notable; the helicopter pilots hoped to exhaust its batteries and force it to land or return to base, but they themselves ran out of fuel long before the drone quit. We have to admit that we find it a little fishy that there’s apparently no photographic evidence to back this up, especially since law enforcement helicopters are fairly bristling with sensors, cameras, and spotlights.

When is a backup not a backup? Apparently, when it’s an iCloud backup. At least that’s the experience of one iCloud user, who uses a long Twitter thread to vent about the loss of many years of drawings, sketches, and assorted files. The user, Erin Sparling, admits his situation is an edge case — he had been using an iPad to make sketches for years, backing everything up to an iCloud account. When he erased the iPad to loan it to a family member for use during the pandemic, he thought he’d be able to restore the drawings from his backups, but alas, more than six months had passed before he purchased a new iPad. Apparently iCloud just up and deletes everything if you haven’t used the account in six months — ouch! We imagine that important little detail was somewhere in the EULA fine print, but while that’s not going to help Erin, it may help you.

And lest the Apple pitchfork crowd think that this is something only Cupertino could think up, know that some Western Digital external hard drive users are crying into their beer too, after a mass wiping of an unknown number of drives. The problem impacts users of the WD My Book Live storage devices, which are basically network attached storage (NAS) devices with a cloud-based interface. The data on these external drives is stored locally, but the cloud interface lets you configure the device and access the data from anywhere. You and apparently some random “threat actors”, as WD is calling them, who seem to have gotten into some devices and performed a factory reset. While we feel for the affected users, it is worth noting that WD dropped support for these devices in 2015; six years without patching makes a mighty stable codebase for attackers to work on. WD is recommending that users disconnect these devices from the internet ASAP, and while that seems like solid advice, we can think of like half a dozen other things that need to get done to secure the files that have accumulated on these things.

And finally, because we feel like we need a little palate cleanser after all that, we present this 3D-printed goat helmet for your approval. For whatever reason, the wee goat pictured was born with a hole in its skull, and some helpful humans decided to help the critter out with TPU headgear. Yes, the first picture looks like the helmet was poorly Photoshopped onto the goat, but scroll through the pics and you’ll see it’s really there. The goat looks resplendent in its new chapeau, and seems to be getting along fine in life so far. Here’s hoping that the hole in its skull fills in, but if it doesn’t, at least they can quickly print a new one as it grows.


Jackpot!: The Trials And Tribulations Of Turning A Slot Machine Into An ATM

Have you ever wished that slot machines dispensed money as easily as an ATM? Well so did [Scotty Allen] from Strange Parts, so in collaboration with his friend [Matt], he decided to combine the two. After a four-month journey fraught with magic smoke and frustration, they managed to build a fully functional ATM slot machine.

The basic idea is that you insert your card and enter your PIN like on a normal ATM, select your winning amount, and pull the lever. This sets wheels spinning, which come to a stop with three-of-a-kind every time, and you win your own money as a bucket load of coins with all the accompanying fanfare. The project took way longer than [Scotty] expected, and he ended up missing his original deadline to show off the machine at DEF CON.

They started with an old broken Japanese slot machine, and replaced the control board with an Arduino Due after a lot of reverse engineering and hacking. [Scotty] did a cool video just on getting the original vacuum fluorescent display working. Integrating the ATM parts proved to be the biggest challenge, with a number of very expensive parts releasing their magic smoke or getting bricked in the process. [Scotty] came up with an ingeniously simple hack to interface the ATM hardware with the Arduino. The cash note dispenser uses multiple sensors to detect if there are notes loaded and if one is successfully dispensed. These were spoofed by the Arduino, which controls two coin hoppers instead to dispense the appropriate amount of quarters or pennies. The build was rounded off with some very neat custom graphics on the glass panels, and the machine was finally shown off at a local arcade.

This was an awesome project, and we can appreciate the fact that [Scotty] made no attempt to hide the real emotional roller coaster that anyone who has worked on a large project knows, but is rarely documented in logs. [Scotty] has made a name for himself by building his own iPhone from parts and touring Shenzhen’s many factories. Check out the videos after the break.

When A Skimmer Isn’t A Skimmer

I have a confession to make: ever since the first time I read about them online, I’ve been desperate to find an ATM skimmer in the wild. It’s the same kind of morbid curiosity that keeps us from turning away from a car accident, you don’t want to be witness to anyone getting hurt, but there’s still that desire to see the potential for danger up close. While admittedly my interest is largely selfish (I already know on which shelf I would display it), there would still be tangible benefits to the community should an ATM skimmer cross my path. Obviously I would remove it from the machine and prevent others from falling prey to it, and the inevitable teardown would make interesting content for the good readers of Hackaday. It’s a win for everyone, surely fate should be on my side in this quest.

So when my fingers brushed against that unmistakable knobby feel of 3D printed plastic as I went to insert my card at a local ATM, my heart skipped a beat. After all these years, my dream had come true. Nobody should ever be so excited about potentially being a victim of fraud, but there I was, grinning like an idiot in the farmer’s market. Like any hunter I quickly snapped a picture of my quarry for posterity, and then attempted to free it from the host machine.

But things did not go as expected. I spend most of my free time writing blog posts for Hackaday, so it’s safe to say that physical strength is not an attribute I possess in great quantity, but even still it seemed odd I couldn’t get the skimmer detached. I yanked it in every direction, tried to spin it, did everything short of kicking it; but absolutely no movement. In fact, I noticed that when pulling on the skimmer the whole face plate of the ATM bulged out a bit. I realized this thing wasn’t just glued onto the machine, it must have actually been installed inside of it.

I was heartbroken to leave my prize behind, but at the very least I would be able to alert the responsible party. The contact info for the ATM’s owner was written on the machine, so I emailed them the picture as well as all the relevant information in hopes that they could come check the machine out before anyone got ripped off.


Reverse Engineering An ATM Card Skimmer

While vacationing in Bali, [Matt South] walked into a nice, secure, air-conditioned cubicle housing an ATM. Knowing card skimmers are the bane of every traveller, [Matt] did the sensible thing and jiggled the card reader and the guard that hides your PIN when punching it into the numeric keypad. [Matt] found the PIN pad shield came off very easily and was soon the rightful owner of a block of injection molded plastic, a tiny camera, and a few bits of electronics.

The first thing that tipped [Matt] off to the existence of electronics in this brick of plastic was a single switch and a port with four contacts. These four pins could be anything, but guessing it was USB [Matt] eventually had access to a drive filled with 11GB of video taken from inside this PIN pad shield.

An investigation of the videos and the subsequent teardown of the device itself revealed exactly what you would expect. A tiny pinhole camera, probably taken from a ‘spy camera’ device, takes video whenever movement is detected. Oddly, there’s an audio track to these videos, but [Matt] says that makes sense; the scammers can hear the beeps made by the ATM with every keypress and correlate them to each button pressed.

Of course, the black hats behind this skimmer need two things: the card number, and the PIN. This tiny spy cam only gets the PIN, and there wasn’t a device over or in the card slot in the ATM. How did the scammers get the card number, then? Most likely, the thieves are getting the card number by sniffing the ATM’s connection to the outside world. It’s a bit more complex than sticking a magnetic card reader over the ATM’s card slot, but it’s harder to detect.


Playing DOOM On An ATM

There aren’t too many details available about this hack, but we still thought it was interesting enough to share. YouTube user [Aussie50] seems to have figured out a way to install DOOM on an automated teller machine (ATM). Not only is the system running the software, it also appears that they are using the ATM’s built-in buttons to control the action in-game.

Many ATMs today are simply computers that run a version of Windows, so one would assume it shouldn’t be too difficult to get an older game like DOOM running on the hardware. Towards the beginning of the video, you can quickly get a glimpse of what appears to be a default Windows XP background screen. You can see later in the video that [Aussie50] drops to what appears to be an MS-DOS command line. It stands to reason then that this particular model of ATM does run on Windows XP, but that [Aussie50] may have had to install MS-DOS emulation software such as DOSBox as well.

At one point in the video, the camera man mentions they are using an I-PAC2. Some research will show you that this little PCB is designed to do USB keyboard emulation for arcade games. It looks like you can just hook up some simple momentary switches and the I-PAC2 will translate that into USB keyboard commands. It is therefore likely that [Aussie50] has hooked up the ATM’s buttons directly to this I-PAC2 board and bypassed the original button controller circuit altogether.

It is also mentioned in the video that [Aussie50] was able to get the receipt printer working. It would be interesting to somehow incorporate this into the DOOM game. Imagine receiving a receipt with your high score printed on it. This also gets us thinking about other possibilities of gaming on ATM hardware. Can you configure the game to require a deposit before being able to play? Can you configure it to dispense cash if you beat the high score? What if you modified the multiplayer deathmatch mode so all players must pay an entry fee and the winner takes all? What creative ideas can you come up with for gaming on ATM hardware?

Open Bitcoin ATM


If there’s one thing Bitcoins can benefit from, it’s easier accessibility for first-time users. The process can be a bit daunting if you’re new to cryptocurrency, but [mayosmith] is developing an open Bitcoin ATM to help get coins in the hands of the masses. There are already some Bitcoin dispensers out there. The Lamassu is around 5k a pop, and then there’s always the option of low-tech Condom Vending Machine conversions.

[mayosmith’s] build is still in the proof-of-concept phase, but has some powerful functionality underway. The box is made from acrylic with a front plate of 12″x12″ aluminum sheet metal, held on by 2 aluminum angles and some bolts. Slots were carved out of the aluminum sheet for the thermal printer and for the bill acceptor—the comments identify it as an Apex 7000. Inside is an Arduino with an SD Shield attached. Dollars inserted into the acceptor trigger the Arduino to spit out a previously-generated QR code for some coins via the thermal printer, though all values are pre-determined at the time of creation and stored sequentially on the SD card. Stick around for a quick video below, and check out the official page for more information: http://openbitcoinatm.org


Cheap Audio Equipment Makes ATM Theft Easier

ATM information theft is nothing new. Neither is the use of skimmers to gain access to the data. But it’s a little surprising just how easy it has become to hack together the devices using audio equipment. The images above are samples of a skimmer for sale from an Eastern-European do-no-good. It is the magnetic stripe sniffer portion of the attack which captures card data as an audio recording. That is later turned into the binary code that was read from the card. We’re just speculating, but that looks an awful lot like the PCB from a pen recorder, something you can pick up for just a couple of bucks.

Of course this is used in conjunction with a camera to capture PIN data as the second part of the security protocol, but it really underscores the need for new ATM technology. Some skimmers don’t even require retrieval of the hardware, and you never know where the sketchy machines might pop up next.

[via Engadget and Slashdot]