- Joined
- Nov 26, 2020
- Messages
- 716
Source: krebsonsecurity.com
Skimmers in the form of overlays on terminals are becoming more popular. Since Ingenico terminals are common in a number of countries, including the United States, the creators of overhead skimmers pay most attention to such devices. Despite the fact that information technology specialists try to talk about this problem and the danger it poses, there are no fewer skimmers. Recently, Brian Krebbs showed new photos of these devices. Photos (not of the best quality) were sent to him by representatives of a number of American retailers, in which retail outlets were installed overlays on terminals.
One such model is a skimmer with a Bluetooth wireless communication module. It is designed to steal the card user's data when it is used in the terminal. The skimmer, in particular, records the PIN and transmits it via Bluetooth to the connected device, which must be located within a radius of 30 meters from the compromised terminal.
We discovered this skimmer by accident. The fact is that an employee of the store where this device was placed noticed that two buttons on the terminal became difficult to press. He decided to investigate the causes of the problem and saw that the terminal cover was an overlay installed by an unknown person. After that, the employee checked other terminals and found two more overlays.
Cover plate on the reverse side. Source: krebsonsecurity.com
Carders who steal bank card data do not necessarily create such devices themselves. This is no longer a cottage industry, their development has been put on stream, and many models of skimmers can be bought online almost openly. The video below shows a skimmer for the Ingenico iSC250 terminal model. This is almost the same model that was sent to Krebbs.
The video does not show the electronic components of the system very well, but the operation of the wireless communication module is demonstrated in detail.
Since the device is wireless, you can expect that the attacker who installed the overlay on the terminal in the store is located somewhere nearby (for example, in a car parked nearby) and receives the data read by the device in real time. Indeed, the device does not have its own memory, so the option of periodic visits to the reader by its owner is excluded. There is another option: the skimmer transmits data to a device hidden nearby. You can connect to the overlay via Bluetooth using the code "2016".
Source: krebsonsecurity.com
Experts who have examined such skimmers claim that many components are taken from Samsung phones.
How can I distinguish a compromised Ingenico terminal from a regular one?
In his blog post, Krebbs shows how you can distinguish a compromised terminal from a device without an overlay. Presumably, the developers of overlays quickly modify them, changing their design, when it becomes known about the distinctive features of such devices. But this information is still relevant.
So, the main difference is in the size of some elements of terminals and skimmers. No matter how you change the design, there will always be some differences.
On the left — the cover plate, on the right-the model of the iSC250 terminal from Ingenico
In order for the cover plate to be placed on the terminal, it must be wider and longer than the original device case. A person who knows what the terminal looks like will quickly recognize a fake. But buyers or inexperienced sellers may not notice the substitution. The difference is also in the size of the plastic strip located to the right of the slot for the magnetic card.
Another difference is in the brightness of the keyboard illumination of the original terminal and the overlay. The skimmer buttons will be much dimmer as they cover the buttons of the terminal itself.
On the left — the terminal keyboard without a skimmer, on the right-with a skimmer
Finally, another distinguishing feature is the absence of a green LED on the terminal with a skimmer. The latter simply closes the LED. So that the light does not light up during the transaction. However, some pads have a special hole, so that the LED is clearly visible.
Source: krebsonsecurity.com
There is one more point. The fact is that some models of terminals are equipped with a stylus. In some situations, customers put an electronic signature using such a stylus, leaving it on the device screen. But the pad blocks the stylus. This is probably the most noticeable sign of the presence of a skimmer pad.
The skimmer is installed within a few seconds. The camera of one of the stores in Miami Beach recorded the installation of the lining in just three seconds. Scammers worked in pairs: one distracted the seller, the second-installed the device.
In addition to mobile terminals, carders install readers on ATMs (there are a lot of options) and even on the doors of banks with a credit card reader installed. Using this reader, you can open the door during the bank's non-business hours to gain access to the ATM. A skimmer reads data from a magnetic tape, and a camera for monitoring the PIN code set is installed inside the room, near the ATM.
Safety rules
Experts recommend the following security rules when working with ATMs or terminals:
- Do not use ATMs that are located in dark rooms and look strange. It is best, if possible, to withdraw money in proven machines;
- If your inner voice tells you that something is wrong with the ATM, don't work with it. Experts say that victims affected by the actions of carders often have a bad feeling when looking at an ATM. Everything is explained simply — a person unconsciously grasps some oddities in the ATM structure, but does not always understand what exactly is wrong;
- When entering the PIN code, you should cover the keyboard with your hand. This rule applies both when working with an ATM and with a terminal.