Credit cards are loaded with security features, however the game of cat and mouse goes on. Nefarious syndicates continue to develop innovation to take information in brand-new and innovate methods. After SparkFun did a teardown on some illegal hardware, they were visited by regional police, who requested their aid again.
[Nick] from SparkFun refers to the device in question as a “shimmer”. It’s intended to be installed inside the chip reader of a charge card terminal, in between the terminal and the user’s charge card. Fabricated on a flexible film PCB, it’s thin enough to glue within without being obvious even throughout upkeep.
The examination begins with recognition of the major parts on board, followed by efforts to interact with the gadget. Sadly, the hardware was largely unresponsive, even when linked to a card reader. In an effort to read more, a schematic was produced. [Nick]’s analysis raised more concerns than responses, and the suspicion is that the hardware may have been harmed at some point. However, the basic capabilities of the device are apparent, provided the ability of the hardware to communicate with a card through its contacts and unload the data through the onboard nRF24 L01 radio module.
Thanks to individuals like [Nick], and earlier work from SparkFun, all of us now have a better understanding of the risks when using payment terminals out in the wild. Unfortunately, unless your local filling station is prepared to let you spend 20 minutes dismantling their card reader before paying, there’s not a great deal the person can do about it. Stay alert, and if you’ve got the skinny on a skimmer, drop us a line.