New ATM Hack Shimmer Steals Data, Sits Undetected Inside Card Slot
Security researchers have discovered that ATM hackers are using a new form of card data gathering thin gadget which acts as a shim between the card and the ATM chip reader.
ATM hackers are becoming pretty sophisticated with theirmodus operandithese days and are getting success in cheating the unlucky victims with high tech gadgets.
This kind of hacking was brought to light by a team of fraud experts in Mexico who discovered that ATM hackers are nowadays using a new form of wafer thin gadget termed as shimmer that has been enabled to gather the card data from ATM machines.
On Wednesday,Krebs On Securityreported about this sophisticated ATM skimming machine which is inserted into the ATM card slots from where it can read the data directly from the chip-enabled credit or debit cards.
This unobtrusive unit acts as a bridge or shim between the card (credit or debit) and the ATM chip reader and hence the name shimmer.
This technology is extremely advanced and impressive too because it is difficult to detect this shim, also it does not hamper the chip reading process of the ATM machine.
The chip reading gear comprises of some eight gold rectangular leads which collects the data from the card and some electronics which helps to power the data storage on the shimmer.
A security and investigations Mexican firm,Damage Control S.A. reported that the gadget was found inside aDiebold Opteva 520with Dip reader (the kind of card reader that requires you to briefly insert your card and then quickly remove it).
Usually hackers insert this advanced machine from outside of the ATM and it is not connected to the internal parts of the ATM as it can get all the information from this location and need not have access to the internal of the ATM.
As of now it is not not known if the shimmer was provided with some component such as PIN pad overlay or hidden camera to steal the card PINs.
According to Krebs On Security: Cards equipped with a computer chip are more secure than cards which rely solely on magnetic stripes to store account data.
Although the data that is typically stored on a cards magnetic stripe is replicated inside the chip on chip-enabled cards, the chip contains additional security components not found on a magnetic stripe.
Normally, the cards are provided withiCVV value (integrated Circuit Card Verification)which helps incard verification mechanismand this protects the cards from being copied or duplicated.
When hackers use these shimmers, they are able to bypass this mechanism and thus are able to produce anATM clonewhich can be used later to successfully withdraw cash from ATM machine.
Techcrunchreports say that the information gathered by these shimmers not only allows the hackers to retrieve the data but they can also replicate the ATM chip along with the magnetic strip.
Banks are expected to check regularly if any card inserted in their ATM slots are counterfeited by encoding it with the data stolen from a chip card.
However, it seems there are instances where some banks are skipping this process or following some incorrect process of inspecting their ATM machines for the card skimming devices.
Experts conclude that the crooks are attacking those ATMs which easily accept the magnetic strip cards that have been cloned from chip cards.
It indicates that these hackers have figured out which banks are negligent and not following regular inspection of their ATM machines.
According toKrebs On Security, these banks even seem to be ignoring the withdrawals which happen by using the cloned ATM cards because of its location and thinness.
As of now, it is unclear as to which Mexican banks are affected with these shimmer devices and also whether the technology has already reached to other parts of the world.
Read More
source: www.techworm.net
