Soda swiper
-
So, there are some soda machines out there which are outfitted to handle payment cards, with a stripe reader and network terminal to hook up to the payments switch (I suspect via say a VPN link over a cell modem or something like that). Cool!
Now, what do you think will happen when the connection between the soda-machine-payment-card-terminal and the central switch falls down? Shouldn't it return an error and reject the purchase attempt?
Not for the machines we ran into! Instead, when the payment switch is uncontactable, the payment terminal apparently does something weird inside and tells the machine "hey, credit $2". As a result, you swipe your card, get the error response from the payments side, and then proceed to push the vending selection button and get a soda out, along with two quarters in change!
Filed under: mistakes that add up..., where's the QA dept. the vending machine stockers need to bill for these sodas?
-
As a result, you swipe your card, get the error response from the payments side, and then proceed to push the vending selection button and get a soda out, along with two quarters in change!
hmm...... one wonders if the machine is accessible such that you could surupticiously unplug the data cable...
-
Well I once found that if you insert a long metal strip (a steel ruler we had in highschool) into the 14th slit opening on the left side of the nuka cola vending machine for 17 centimeters or more (but not too much more). You would pay once and then the machine would not register the can drop en after a second try again... and again and again etc...
all the cans of said type in the machine. When you removed the strip you asked for your money back et pronto you would get it back because no sale was made.
That machine was there for several years having almost no coins and being refilled twice a day.So I can imagine a lot of things with these devices...
-
That's a very specific exploit; how many things did you try first?
-
Do they charge the cards next time they connect?
-
Ah yes you would need to be very lucky like I was (this earned me the hacker nickname). I was sitting on the bench next to it and my metal ruler was sticking out of my backpack. I think you can picture the surprise of the guy buying a can of soda. I connected two dots and was an instant hacker/hero among highschool students
-
Do they charge the cards next time they connect?
Hrm...that's an interesting thought. I'll have to keep that in mind -- a store-and-forward technique might work for this, although I'm not sure what you'd do with a declined tran at that point, considering you've already dispensed the soda!
-
I'm not sure what you'd do with a declined tran at that point, considering you've already dispensed the soda!
Nothing. The vendor failed to adequately ascertain the correct availability of funds, yet dispensed anyway; in effect, they agreed to a zero-value transaction
-
@boomzilla said:
Do they charge the cards next time they connect?
Hrm...that's an interesting thought. I'll have to keep that in mind -- a store-and-forward technique might work for this, although I'm not sure what you'd do with a declined tran at that point, considering you've already dispensed the soda!
I'd guess they write it off, but I'd imagine most would go through, so at least try to get something back.
-
I think you'll find that the costs of that outweigh having each and evey sodamachine outfitted with dual connection to the payment company and redundant hardware.
-
I think you'll find that the costs of that outweigh having each and evey sodamachine outfitted with dual connection to the payment company and redundant hardware.
Eh? Simply don't have the payment-card-handler send "yeah, the user put in $2" when the tran fails and the machine falls back to cash-only mode as a result...
-
Or that.But somehow I think it is marketing.. and then stuff gets weird
-
hmm...... one wonders if the machine is accessible such that you could surupticiously unplug the data cable...
If it's like the one they put in where I work recently, no. The card reader's bolted on to the face of the machine.
-
what comes out the back of the machine though? or is it wireless?
inquiring minds want to know!
-
You just want free soda
So do I
-
mmmmmmayyybe......
-
-
hmm.... well that's nothing a nice pinch can't sort out.
or a deauth attack maybe?
-
It sounds reasonable to just dispense the product and charge the card later. If the transaction is rejected... It's just a can of coke. How many people don't have enough money on their card to get that? Yeah, somebody might take advantage of it but it's probably so uncommon that it might not even be worth trying to blacklist the card to block next operations. They will probably record your card data anyway so if you go mad and steal 100 cans then they MIGHT come after you.
And why not just wait the transaction to complete? Because it's faster not to do it. Today I waited something like 30 seconds when paying with my debit card. It's usually faster but that place has a mobile terminal and apparently it's slower than other connections because every time I go there it's the same.
-
what comes out the back of the machine though? or is it wireless?
There was nowhere for that machine to plug into a wired connection; it was in a hallway. Had to've been wireless.
-
use one of these !
for science!
-
And a prepaid visa card that has had its balance already used up!
-
Nice. Hundreds of dollars for an illegal jammer that comes complete with falsified customs documents, just to try to steal a $1.50 soda. So worth it.
-
"It's better to loose some money from time to time, than to irritate the customer" - correct strategy for a company that sells a lot of low priced items.
I implemented something like that in our system just two months ago.
-
On the machine we used as students, if you pressed two alternate buttons at 110 bpm, you would get two cans.
A game was developed, "Kadonk" (named after the sound of a dropping can), to train you to use the right rhytm.
-
And the rhythm went up-up-down-down-left-right-left-right-B-A, right?
-
And the rhythm went up-down
-
I think I've played that game too
-
Swiper no swiping!
Swiper no swiping!
Swiper no swiping!
Swiper no swiping!For some reason that occurred to me when I saw this in my unread list...
-
-
that comes complete with falsified customs documents
it isn't about the soda can! it's about science!
-
hmm.... well that's nothing a nice pinch can't sort out
So how do you get it to just burn out the wireless card and not the whole machine? I like how you think though ;)
or a deauth attack maybe?
This seems a lot more reasonable, but it seems likely that they're using cellular rather than 802.11. I've never really looked into how cell network protocols work and have no idea if it would be possible. Are any of you familiar with it?
-
So how do you get it to just burn out the wireless card and not the whole machine?
You wouldn't need to burn out the whole card, just the aerial circuitry; assuming it's correctly earthed, it should in theory be possible to do that without frying the whole card.This seems a lot more reasonable, but it seems likely that they're using cellular rather than 802.11.
I would have thought 802.11 more likely myself; it can be linked with the building's wired connection, and therefore be more reliable.
I like how you think though
*eyes suspiciously*You're relatively new here, so I've probably just confused you; PM me if you want me to explain. Don't worry, I won't bite ;-)
-
-
-
it isn't about the soda can! it's about science!
It's really about ethics in soda dispensation journalism.
-
@RaceProUK said:
Don't worry, I won't bite ;-)
it's more of an affectionate nibble really.
Yeah, the painful ankle-biting is mostly @CarrieVS's job.
-
It's not to steal a $1.5 soda. It's to steal a $1.5 soda every day for the life of the machine.
-
also, you can build one for less than fifty bucks if you know what you are doing.
less than twenty if you have a couple of old transistor radios lying around to scavenge parts out of.
-
-
@accalia said:
scavange parets out of
You can scavenge some parts while you're there too ;)Or parrots.
Filed under: But only if they're dead.
-
I would have thought 802.11 more likely myself; it can be linked with the building's wired connection, and therefore be more reliable.
It's a possibility, but my thoughts are that this would significantly complicate PCI compliance. I believe it would make the intermediate network responsible as well, regardless of VPN / VLAN segmentation.
eyes suspiciously
http://stream1.gifsoup.com/view/82502/simpsons-shifty-dog-o.gif
-
When I was in 5th grade, my class went on a LOT of field trips to Seattle Center. We were supposed to visit the science center and learn stuff, but instead my cruel friends and I would hang out by the giant gumball machine. We figured out that you could put in a quarter, turn it verrrry slowly until the gumball drops, and then turn it back, and take your quarter out. The mechanism didn't reach the no-turning-back point soon enough.
But the BEST part was that the next random kid that came along with a quarter would get NO gumball. So we'd wait in the shadows and delight in his/her sadness. We had way too many gumballs to enjoy but we couldn't get enough crying kids. Especially the ones that would beg and beg their parents for a quarter, only to receive nothing.
-
There was nowhere for that machine to plug into a wired connection; it was in a hallway. Had to've been wireless.
Wrap the machine in some sort of Faraday foil cage. Not only will you jam the wireless, but you'll also keep the beverages cool. Do a good enough job on the insulation, and you'll save enough in hydro costs cooling the thing that your "free" soda might turn a net profit for the owner.
For bonus points: if it does use cellular instead of 802.11, see if you can get free phone calls from the soda machine.
-
I approve.
-
13 likes. Depressing.
-
well mostly software people here so an hardware hack isn't as interesting
-
-
This post is deleted!
-
Only 16? Huh.