“Nobody should ever be so excited about potentially being a victim of fraud, but there I was, grinning like an idiot in the farmer’s market,” Nardi wrote. “Like any hunter I quickly snapped a picture of my quarry for posterity, and then attempted to free it from the host machine.”
“I yanked it in every direction, tried to spin it, did everything short of kicking it; but absolutely no movement. In fact, I noticed that when pulling on the skimmer the whole face plate of the ATM bulged out a bit. I realized this thing wasn’t just glued onto the machine, it must have actually been installed inside of it.”
Nardi had to leave the device in the ATM, but emailed the photo he had taken to the ATM’s owner, so they would be able to take care of the skimmer before anyone fell victim to it. However, he soon received a reply from the owner, informing him that the plastic inside the machine was not a card skimmer but a specially designed 3D printed card reader, which replaced the ATM’s original hardware in an effort to prevent an actual skimmer from being installed, “by virtue of being unexpected.”
We often hear stories of people using 3D printing to get past security measures, from 3D printed fingerprints and keys to safe-cracking, 3D printed masks to fool facial recognition software, and even 3D printed card skimmers. So it stands to reason that 3D printing technology can also be used to increase security.
“One of the key elements of a successful skimmer installation is investigating the ATM you want to target, in this case a Nautilus Hyosung 1800 SE,” Nardi explained. “Once an attacker knows which machine they are dealing with, they can buy a replacement card reader for it online and know that whatever device they design to fit it will work on the ‘live’ machine when they go to install it. For some of these machines, 3D models of the card readers are already available online if you know where to look.”
But if the card reader on the type of ATM that a criminal has targeted is completely different than what was researched, such as the 3D printed card reader Nardi came across, the plan is foiled.
Though Nardi’s offer of discussing the card reader with the ATM owner for a blog post was rejected, due to the person’s need to maintain anonymity for the plan to work, he was still interested in the idea of a custom 3D printed card reader, and thought about using 3D printing to make “keyed” ATM card readers.
“Creating a custom reader like the owners of this machine have done is an excellent first step, but it’s still a static design that can be accounted for eventually,” Nardi wrote. “What if, instead of printing out identical card readers for all your ATMs, you made each one unique, making it nearly impossible to anticipate?”
He thought that using a parametric CAD tool, like OpenSCAD, to randomly augment the surface of the card reader might work. The tool could be used to generate small geometric protuberances in the device, and custom readers could even be regularly 3D printed and used in high value markets, where you typically see more card skimmers. Nardi wrote an OpenSCAD script for his project, which randomizes the height and number of pins on the card reader’s face; the layout of the pins can change each time a new STL is generated, making the surface unpredictable. This, in turn, would make it difficult to conceal a skimmer.
“A fully realized version of this script could make more drastic changes to the reader, fundamentally changing its geometry each time the STL was generated; making adaptation all but impossible,” Nardi wrote. “Imagine a thief coming to attach their skimmer, only to find that the reader has changed into an oval since the last time they were there.”
Unfortunately, while using a 3D printed part to make an ATM machine’s card reader safer may seem like a simple, inexpensive way to get past would-be thieves, Nardi ultimately called it “an unworkable solution.”
“If you’re telling consumers to always be on the lookout for suspect looking hardware attached to ATMs, attaching your own suspect looking hardware to the ATM as a deterrent doesn’t make much sense,” Nardi explained.
It’s like the little boy who cried wolf – if you tell people enough times that something they thought was dangerous may not be dangerous at all, they won’t recognize danger when it’s actually there. Consumers could start to have a false sense of security about strange components or devices at the ATM, and may not take the time to report what turn out to be real card skimmers.
Let us know your thoughts on this and other 3D printing topics at 3DPrintBoard.com or share in the Facebook comments below.[Images: Hackaday, unless otherwise noted]
You May Also Like
3DPOD Episode 56: Post Processing with DyeMansion Head of Marketing, Pia Harlaß
Pia Harlaß is the Head of Global Marketing & Corporate Communications for DyeMansion, a leading post-finishing company that offers machines that can depowder, create a uniform surface texture, and then...
Luxinergy Using Biocompatible Resin & In-Vision’s HELIOS Light Engine to 3D Print Orthotics
Custom medical devices called orthotics are used to hep patients recover from injuries and correct body misalignments, and can also relieve pain. Unfortunately, it takes a long time to make...
3DPOD Episode 55: Ethan Escowitz, Arris Founder & CEO
Ethan Escowitz, whom we interviewed here, co-founded Arris, which hopes to revolutionize the world of composites. By combining molding and 3D printing, his company’s innovative technology can make parts with...
3DPOD Episode 54: Ultimaker’s new CEO, Jürgen von Hollen
For the past several months, Jürgen von Hollen has been the CEO of Ultimaker. He comes from Cobot leader Universal Robotics and was previously in leading roles at several different...
View our broad assortment of in house and third party products.