“Nobody should ever be so excited about potentially being a victim of fraud, but there I was, grinning like an idiot in the farmer’s market,” Nardi wrote. “Like any hunter I quickly snapped a picture of my quarry for posterity, and then attempted to free it from the host machine.”
“I yanked it in every direction, tried to spin it, did everything short of kicking it; but absolutely no movement. In fact, I noticed that when pulling on the skimmer the whole face plate of the ATM bulged out a bit. I realized this thing wasn’t just glued onto the machine, it must have actually been installed inside of it.”
Nardi had to leave the device in the ATM, but emailed the photo he had taken to the ATM’s owner, so they would be able to take care of the skimmer before anyone fell victim to it. However, he soon received a reply from the owner, informing him that the plastic inside the machine was not a card skimmer but a specially designed 3D printed card reader, which replaced the ATM’s original hardware in an effort to prevent an actual skimmer from being installed, “by virtue of being unexpected.”
We often hear stories of people using 3D printing to get past security measures, from 3D printed fingerprints and keys to safe-cracking, 3D printed masks to fool facial recognition software, and even 3D printed card skimmers. So it stands to reason that 3D printing technology can also be used to increase security.
“One of the key elements of a successful skimmer installation is investigating the ATM you want to target, in this case a Nautilus Hyosung 1800 SE,” Nardi explained. “Once an attacker knows which machine they are dealing with, they can buy a replacement card reader for it online and know that whatever device they design to fit it will work on the ‘live’ machine when they go to install it. For some of these machines, 3D models of the card readers are already available online if you know where to look.”
But if the card reader on the type of ATM that a criminal has targeted is completely different than what was researched, such as the 3D printed card reader Nardi came across, the plan is foiled.
Though Nardi’s offer of discussing the card reader with the ATM owner for a blog post was rejected, due to the person’s need to maintain anonymity for the plan to work, he was still interested in the idea of a custom 3D printed card reader, and thought about using 3D printing to make “keyed” ATM card readers.
“Creating a custom reader like the owners of this machine have done is an excellent first step, but it’s still a static design that can be accounted for eventually,” Nardi wrote. “What if, instead of printing out identical card readers for all your ATMs, you made each one unique, making it nearly impossible to anticipate?”
He thought that using a parametric CAD tool, like OpenSCAD, to randomly augment the surface of the card reader might work. The tool could be used to generate small geometric protuberances in the device, and custom readers could even be regularly 3D printed and used in high value markets, where you typically see more card skimmers. Nardi wrote an OpenSCAD script for his project, which randomizes the height and number of pins on the card reader’s face; the layout of the pins can change each time a new STL is generated, making the surface unpredictable. This, in turn, would make it difficult to conceal a skimmer.
“A fully realized version of this script could make more drastic changes to the reader, fundamentally changing its geometry each time the STL was generated; making adaptation all but impossible,” Nardi wrote. “Imagine a thief coming to attach their skimmer, only to find that the reader has changed into an oval since the last time they were there.”
Unfortunately, while using a 3D printed part to make an ATM machine’s card reader safer may seem like a simple, inexpensive way to get past would-be thieves, Nardi ultimately called it “an unworkable solution.”
“If you’re telling consumers to always be on the lookout for suspect looking hardware attached to ATMs, attaching your own suspect looking hardware to the ATM as a deterrent doesn’t make much sense,” Nardi explained.
It’s like the little boy who cried wolf – if you tell people enough times that something they thought was dangerous may not be dangerous at all, they won’t recognize danger when it’s actually there. Consumers could start to have a false sense of security about strange components or devices at the ATM, and may not take the time to report what turn out to be real card skimmers.
Let us know your thoughts on this and other 3D printing topics at 3DPrintBoard.com or share in the Facebook comments below.[Images: Hackaday, unless otherwise noted]
Subscribe to Our Email Newsletter
Stay up-to-date on all the latest news from the 3D printing industry and receive information and offers from third party vendors.
You May Also Like
3D Printing Layoffs Continue with Xerox Elem Additive Division
The additive manufacturing (AM) industry has seen a number of companies contract as the larger economy struggles. This has included firms like Desktop Metal, Fast Radius, Nexa3D, and others. The...
America Makes to Host Technical 3D Printing Event in October 2022
Hot on the heels of its MMX 2022 and 10-year anniversary events, America Makes, the country’s top public-private partnership for additive manufacturing technology and education, is announcing its Fall 2022...
3D Printing News Briefs, October 1st, 2022: Flight-Ready Parts, Rapid Prototyping, & More
America Makes has announced its new Executive Committee members, and PUNCH Torino and Roboze are partnering up to increase the adoption and improve the process of FFF 3D printing. Those...
3D Printing News Unpeeled: 3D Printed MEMS, ASML and iCLIP
Joseph deSimone develops iCLIP which locally injects resins inside a Vat Polymerization build. This lets you use multiple resins in the same print and may be used for multimaterial parts....