.:: Insecure Soda Machines ::.

Disclaimer: The information provided here is for educational purposes only for those who design soda machines and external alternative payment systems. I am in no way, shape or form encouraging depriving the owners of the soda machines the money they are due for their product. Do not try this unless you own the soda machine or have valid permission to do so.

Most of us drink soda more than we drink clean water, and even still we can get bottled water at most soda machines now that demand for purified water is at a high. Some of the modern payment systems soda machines employ are coin slots, bill readers and e-wallet smart cards. The smart card technology is what I will focus on. Schlumberger has been producing most of the smart card devices on the market and makes all kinds of systems involving smart cards.

Interestingly enough, they made a huge flaw when designing the software for their soda machine card readers. It is hard to imagine how a computer software engineer "forgot" that order of operations is important, but in the security industry it only takes one incompetent computer programmer leaving out a Monday detail and a few careless supervisors for major security flaws to spawn. After examining how the soda machine goes about the transaction, I noticed that the machine first dispenses the soda and then writes a new balance to my e-wallet smart card. This meant that yanking the card out (which is easy to do) after it sent a signal to the dispensing circuitry but before it "charged me" would yield a free soda. Making a selection and then waiting 1.5 to 2 seconds before yanking out the card is not something a soda machine owner would want their machine to allow.

If only the programmer had charged the customer first and then dispensed the soda, this problem would not exist. The solution? Fix the software! I would also recommend redesigning the system to prevent the edge of the card from sticking out so that it cannot be yanked out.



This is a soda machine equipped with a smart card reader.



The card is placed inside the Schlumberger "smart" card reader.



A selection is then made.



After waiting patiently for about 1.5 to 2.0 seconds the card is yanked from the machine before the new balance can be written but after a signal has been sent to the soda dispensing circuit.



Ah, a cold fresh soda on the house! Now if only two lines of code were written in the reverse order this would not have occurred.
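The ordering problem and its fix, as an added example that is not the vendor's firmware or code from this page: a small C model in which the card stops responding at a chosen tick. The names `card_t`, `pull_tick`, `vend_dispense_first`, `vend_charge_first` and `simulate`, the 500-cent balance and the 125-cent price are all assumptions made for illustration.

```c
#include <stdbool.h>

/* Constructed model, not vendor firmware: every operation advances a tick,
 * and the card stops responding once tick reaches pull_tick (-1 = never). */
typedef struct { int balance; int pull_tick; } card_t;

static int tick;       /* simulated clock */
static int dispensed;  /* cans released by the dispenser */

static bool card_present(const card_t *c) {
    return c->pull_tick < 0 || tick < c->pull_tick;
}
static bool card_read(const card_t *c, int *out) {
    tick++;
    if (!card_present(c)) return false;
    *out = c->balance;
    return true;
}
static bool card_write(card_t *c, int value) {
    tick++;
    if (!card_present(c)) return false;
    c->balance = value;
    return true;
}
static void dispense(void) { tick++; dispensed++; }

/* Order the article describes: dispense, then write the new balance. */
bool vend_dispense_first(card_t *c, int price) {
    int bal;
    if (!card_read(c, &bal) || bal < price) return false;
    dispense();
    return card_write(c, bal - price);  /* too late: product already released */
}

/* Corrected order: debit, confirm the write succeeded, then dispense. */
bool vend_charge_first(card_t *c, int price) {
    int bal;
    if (!card_read(c, &bal) || bal < price) return false;
    if (!card_write(c, bal - price)) return false;  /* no debit, no product */
    dispense();
    return true;
}

/* Run one 125-cent sale on a 500-cent card; returns cans dispensed. */
int simulate(bool charge_first, int pull_tick, int *balance_after) {
    card_t card = { 500, pull_tick };
    tick = 0; dispensed = 0;
    if (charge_first) vend_charge_first(&card, 125);
    else vend_dispense_first(&card, 125);
    *balance_after = card.balance;
    return dispensed;
}
```

With the corrected order, every path that releases a can has already passed a successful balance write, so a card removed mid-transaction can only abort the sale.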

© Copyright Rostislav Persion 2004