Tiny, hidden spy cameras are common in ATMs that have been tampered with by crooks who specialize in upgrading machines with card skimmers. But until last week, I had never heard of hidden cameras being used in gas pumps in tandem with bluetooth-based card skimming devices.

Apparently, I am not alone.

“I believe this is the first time I’ve seen a camera on a gas pump with a bluetooth card skimmer,” said Detective Matt Jogodka from the Las Vegas Police Department, referring to the faulty fuel pump shown below.

The false (horizontal) panel above the “This Sale” display hides a tiny hidden camera facing the gas pump PIN pad.

It can be hard to tell from the angle of the photo above, but the horizontal bar at the top of the machine (just above the “This Sale $” indicator) contains a hidden pinhole camera. tilted so as to register debit card users entering their PIN.

Here’s a look at the fake panel removed from the compromised pump:

A front view of the hidden camera panel.

Jogodka said that although this pump’s PIN pad is encrypted, the hidden camera bypasses this security feature.

“The PINpad is encrypted, so this is a NEW way to capture the PIN,” Jogodka wrote in a mailing list message about the skimmers found on Arizona fuel pumps. “The camera has been set to Motion, [to] save memory space and battery life. Sad for the suspect, he was recovered 2 hours after his installation. “

Anyone who hacked into this fuel pump was able to get inside the machine and install a bluetooth circuit board that connects to power and can wirelessly transmit data from the stolen board. This allows thieves to drop by at any time and download card data remotely from a mobile device or laptop.

The unauthorized Bluetooth circuit board can be seen on the lower left attached to the pump power supply and card reader.

This type of fuel pump skimmer, while rare, is a reminder that it’s a good idea to choose credit over debit when purchasing fuel. For starters, there are different legal protections for fraudulent transactions on debit cards and credit cards.

With a credit card, your maximum loss on any transaction you report as fraud is $ 50; with a debit card, this protection only extends within two days of the unauthorized transaction. After that, the maximum consumer liability can increase to $ 500 within 60 days and to an unlimited amount after 60 days.

In practice, your bank or your debit card issuer can always waive additional responsibilities, and many do. But even then, emptying your checking account of cash while your bank deals with it can still be a huge problem and create secondary problems (bad checks, for example).

Interestingly, these tips against using debit cards at the pump often run counter to messages sent by gas station owners themselves, many of whom offer lower prices for transactions in. cash or debit card. This is because credit card transactions are generally more expensive to process.

Anyone curious about how to tell the difference between gas stations that prioritize card security and those that don’t should check out How to avoid card skimmers at the pump.

The compromised pump with the hidden camera bar still attached. Newer, safer pumps have a horizontal card reader and a raised metal keypad.

*** This is a Syndicated Security Bloggers Network blog from Krebs on security Written by BrianKrebs. Read the original article on: https://krebsonsecurity.com/2019/11/hidden-cam-above-bluetooth-pump-skimmer/

Source link

Leave a Reply

Your email address will not be published.