
Crooks Hack Music Players For ATM Skimmers

Posted by kdawson
from the sweet-sounds-of-cash-dropping-into-our-hands dept.
tsu doh nimh sends in a report that criminals increasingly are cannibalizing parts from handheld audio players and cheap spy cams to make extremely stealthy and effective ATM skimmers. These are devices designed to be attached to cash machines to siphon card + PIN data. "The European ATM Security Team (EAST) found that a new type of analogue skimming device — using audio technology — has been reported by five countries, two of them 'major ATM deployers' (defined as having more than 40,000 ATMs)... The basic method for conducting these attacks was mentioned in a 1992 edition of the hacker e-zine Phrack (the edition that explains audio-based skimmers is Phrack 37)."

  • Been said before (Score:3, Insightful)

    by Anrego (830717) * on Tuesday November 23, 2010 @02:42PM (#34321078)

    But we really need to do something about this whole security thing.

    Personally I’m all for a one time password key token type device. You have a little key fob dealie generating numbers via a stream cipher at an interval (and with a key) synced with your bank. Once a pin is used, it is invalidated, so an attacker would have to skim the code, then use it before you punched it in. You could even combine it with some kind of traditional pin or even biometrics if you want to be all new age, giving you the very trendy “3 factor authentication”.

    Heck you could even automate the first bit with some kind of challenge/response system.

    This isn’t a radical or new idea.. people have been talking about this forever, and a few systems like this have actually been implemented.. but I don’t get why this isn’t widespread yet? Are there vulnerabilities, user issues, or is it just a case of “cheaper to fix the problems reactively than prevent them”?

    As has been said, security is a trade off of convenience. But I think money is one area people might be willing to put up with a slightly more cumbersome process.
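The token scheme described in the comment above, sketched as an added example that is not part of the original post or of any bank's system. It swaps the stream cipher for the standard HMAC-based construction (RFC 4226 codes over a time counter, as in RFC 6238); the names `BankVerifier`, `STEP`, the drift window and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code interval (assumed value)

def code_for(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 code: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class BankVerifier:
    """Server side (hypothetical): each interval's code is accepted at most once."""

    def __init__(self, key: bytes, drift: int = 1):
        self.key = key
        self.drift = drift        # intervals of clock skew tolerated either way
        self.last_counter = -1    # highest interval already consumed

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // STEP
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_counter:
                continue  # already used or older: a skimmed code is rejected here
            if hmac.compare_digest(code_for(self.key, counter), code):
                self.last_counter = counter  # invalidate this and earlier codes
                return True
        return False

def demo() -> dict:
    key = b"constructed-demo-key"   # constructed sample secret shared by fob and bank
    t = 1_290_523_320               # constructed timestamp
    bank = BankVerifier(key)
    fob_code = code_for(key, t // STEP)          # what the fob displays
    return {
        "first_use": bank.verify(fob_code, t),       # cardholder's own entry
        "replay": bank.verify(fob_code, t + 5),      # skimmer replays 5 s later
        "next_interval": bank.verify(code_for(key, (t + STEP) // STEP), t + STEP),
    }

if __name__ == "__main__":
    print(demo())
```

The verifier only stops replay of a code that has already been submitted; a code captured and submitted before the cardholder's own entry would still be accepted, which is the race the comment mentions.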

  • by SirGeek (120712) <sirgeek-slashdot.mrsucko@org> on Tuesday November 23, 2010 @02:46PM (#34321130) Homepage

    You could even combine it with some kind of traditional pin or even biometrics if you want to be all new age, giving you the very trendy "3 factor authentication".

    Sorry, one reason this will fail - People are inherently lazy.

    If they can't get their swipe and walk away then they'll not be happy...

    Granted, I also don't want yet another thing to hang off my keychain, but I'd rather have THAT safety than nothing.

  • Ballpeen hammer (Score:4, Insightful)

    by spun (1352) <loverevolutionary@nOSPAm.yahoo.com> on Tuesday November 23, 2010 @02:55PM (#34321280) Journal

    Just carry a ballpeen hammer around with you. Before inserting your card, take a couple of good hard swipes with the hammer. Skimmers aren't mounted solidly, and the rest of the machine is pretty much unbreakable.

  • Re:Ballpeen hammer (Score:4, Insightful)

    by corbettw (214229) <corbettw AT yahoo DOT com> on Tuesday November 23, 2010 @03:06PM (#34321398) Journal

    Sounds great. I'm sure a random police officer who happens to be passing by when you strike the ATM with a hammer will completely agree with your plan.

  • by PseudonymousBraveguy (1857734) on Tuesday November 23, 2010 @03:22PM (#34321584)

    IC card based authentication is well-known and established, and is secure against skimming attacks without the need of external devices. Just slip in the card and enter your PIN. Even if your PIN is observed it's useless without the chip, and the chip is not easily readable (and thus, not really copy-able). The technology has been around for years (at least since the 1990), and is widely used. Only missing step is for the credit card companies to 1. adopt them (they are actually in the process of doing this, see EMV [wikipedia.org]), and 2. to disable the old insecure systems. The most important step is step 2, and due to "backwards compatibility", that step will be delayed for years or decades.

    The tech has been there for 20 years, but it will probably take another 20 years until it will make you more secure (if it is not broken in the meantime, that is)

  • Re:Crooks? (Score:3, Insightful)

    by Abstrackt (609015) on Tuesday November 23, 2010 @03:24PM (#34321606)

    Not crooks: Geniuses! :-)

    They're not mutually exclusive.

  • by Overzeetop (214511) on Tuesday November 23, 2010 @03:38PM (#34321846) Journal

    Are your banks run by complete scumbags

    Yes, yes they are.
