Impact Lab


Subscribe Now to Our Free Email Newsletter
September 21st, 2017 at 10:28 am

Someone finally made an app to detect credit card skimmers at the gas pump

IMG_3579

In less than 30 seconds a hacker can install a $10 piece of pre-built hardware – easily purchased online – into a gas pump. This device is called a skimmer and it’s designed to get your credit card number when you use it at the pump.

A clever developer came up with a somewhat simple approach to protecting yourself at the gas station. The CEO and Founder of SparkFun, Nate Seidle, along with programmer Nick Poole, built a free, open-source Android app to detect popular skimmers.

IL-Header-Communicating-with-the-Future

The app detects a specific Bluetooth signal and, if found, it tries to establish a connection and send a command that will verify the existence of a skimmer in your general area. The app is looking for Bluetooth networks with an ID of HC-05, which turned out to be the default on devices Seidle tested; if it finds one you’ll be alerted.

SparkFun’s Bluetooth device-detecting app is called Skimmer Scanner and it’s a bare-bones tool that appears to work as intended. It’s free and open-source and the developer says it doesn’t keep or record any information.

In a fantastic blog post detailing a complete dissection of several of the devices, Seidle explains that most of the criminals are dealing in bulk:

The designers of this skimmer were smart, it’s better to make these devices easy to connect to than to add a layer of security. What’s the worst that could happen? The device is detected and removed from the pump. Meanwhile, 10 more have been deployed for a total cost of $100.

The only tool necessary is a key to unlock the pump. The locks are basic and there are no more than a few different key designs for all gas pumps – master keys for the model.

This isn’t new; for decades, criminals have been using various computer hardware devices to intercept credit card numbers during transactions. But hardware hacking is no longer the domain of only talented – albeit shady – individuals. It’s the purview of anyone with a laptop, a car, and the stolen credit card information necessary to buy an easily made piece of hardware online.

While I haven’t had the opportunity to ride around looking for skimmers yet, I can happily confirm that there are no skimmers scamming in my office.

Update 2:30 PM CST 9/20: Updated to clarify that Nick Poole wrote the application and Nate Seidle researched the skimmers.

Via The Next Web

IL-Header-Communicating-with-the-Future

Comments are closed.

Futurist Speaker