“Nobody should ever be so excited about potentially being a victim of fraud, but there I was, grinning like an idiot in the farmer’s market,” Nardi wrote. “Like any hunter I quickly snapped a picture of my quarry for posterity, and then attempted to free it from the host machine.”
“I yanked it in every direction, tried to spin it, did everything short of kicking it; but absolutely no movement. In fact, I noticed that when pulling on the skimmer the whole face plate of the ATM bulged out a bit. I realized this thing wasn’t just glued onto the machine, it must have actually been installed inside of it.”
Nardi had to leave the device in the ATM, but emailed the photo he had taken to the ATM’s owner, so they would be able to take care of the skimmer before anyone fell victim to it. However, he soon received a reply from the owner, informing him that the plastic inside the machine was not a card skimmer but a specially designed 3D printed card reader, which replaced the ATM’s original hardware in an effort to prevent an actual skimmer from being installed, “by virtue of being unexpected.”
We often hear stories of people using 3D printing to get past security measures, from 3D printed fingerprints and keys to safe-cracking, 3D printed masks to fool facial recognition software, and even 3D printed card skimmers. So it stands to reason that 3D printing technology can also be used to increase security.
“One of the key elements of a successful skimmer installation is investigating the ATM you want to target, in this case a Nautilus Hyosung 1800 SE,” Nardi explained. “Once an attacker knows which machine they are dealing with, they can buy a replacement card reader for it online and know that whatever device they design to fit it will work on the ‘live’ machine when they go to install it. For some of these machines, 3D models of the card readers are already available online if you know where to look.”
But if the card reader on the type of ATM that a criminal has targeted is completely different than what was researched, such as the 3D printed card reader Nardi came across, the plan is foiled.
Though Nardi’s offer of discussing the card reader with the ATM owner for a blog post was rejected, due to the person’s need to maintain anonymity for the plan to work, he was still interested in the idea of a custom 3D printed card reader, and thought about using 3D printing to make “keyed” ATM card readers.
“Creating a custom reader like the owners of this machine have done is an excellent first step, but it’s still a static design that can be accounted for eventually,” Nardi wrote. “What if, instead of printing out identical card readers for all your ATMs, you made each one unique, making it nearly impossible to anticipate?”
He thought that using a parametric CAD tool, like OpenSCAD, to randomly augment the surface of the card reader might work. The tool could be used to generate small geometric protuberances in the device, and custom readers could even be regularly 3D printed and used in high value markets, where you typically see more card skimmers. Nardi wrote an OpenSCAD script for his project, which randomizes the height and number of pins on the card reader’s face; the layout of the pins can change each time a new STL is generated, making the surface unpredictable. This, in turn, would make it difficult to conceal a skimmer.
“A fully realized version of this script could make more drastic changes to the reader, fundamentally changing its geometry each time the STL was generated; making adaptation all but impossible,” Nardi wrote. “Imagine a thief coming to attach their skimmer, only to find that the reader has changed into an oval since the last time they were there.”
Unfortunately, while using a 3D printed part to make an ATM machine’s card reader safer may seem like a simple, inexpensive way to get past would-be thieves, Nardi ultimately called it “an unworkable solution.”
“If you’re telling consumers to always be on the lookout for suspect looking hardware attached to ATMs, attaching your own suspect looking hardware to the ATM as a deterrent doesn’t make much sense,” Nardi explained.
It’s like the little boy who cried wolf – if you tell people enough times that something they thought was dangerous may not be dangerous at all, they won’t recognize danger when it’s actually there. Consumers could start to have a false sense of security about strange components or devices at the ATM, and may not take the time to report what turn out to be real card skimmers.
Let us know your thoughts on this and other 3D printing topics at 3DPrintBoard.com or share in the Facebook comments below.[Images: Hackaday, unless otherwise noted]
Subscribe to Our Email Newsletter
Stay up-to-date on all the latest news from the 3D printing industry and receive information and offers from third party vendors.
You May Also Like
Snarr3D Introduces the First 3D Printed Golf Club Shaft
What started out as a class project could soon help golfers save a few strokes per round. Brothers and business partners, Patrick and Scott Snarr, have created Snarr3D, a golf...
3D Printing News Briefs, March 18, 2022: Amphibian Aerospace, Olympics, & More
Multistation signed a distribution agreement with BigRep, and JPB Système reports a major milestone, while Nupress will deliver amphibian aerospace applications with SPEE3D technology. HP introduced its new Single Cell...
3D Printing News Briefs, March 15, 2023: Software, Carbon Fiber Bikes, & More
In today’s 3D Printing News Briefs, Velo3D has released the latest version of its Flow software, and Horizon is opening up more micro additive manufacturing applications with a coating that...
Oilfield Services Giant Baker Hughes Taps Oqton to Increase 3D Printing Adoption in Energy
Oqton, a Belgian software company specializing in solutions for the additive manufacturing (AM) sector, announced that the company has entered into an agreement to develop and commercialize software for Baker...
Upload your 3D Models and get them printed quickly and efficiently.