One of these days I would love to get my hands on the husk of one of these stupid machines, install a wobbly fascia over the card slot mimicking a badly installed skimmer, hollow it out, put an ill-fitting monitor behind the window and a single-board computer inside. Upon a user inserting a card and entering a PIN number, both of which will promptly be discarded by the software, a small but powerful blower will launch a shower of glitter over the user and a receipt will print yelling at the user for swiping their card on such a dodgy piece of crap and explaining the risks.
Maybe then others will realize just how dumb these mini ATMs truly are.
They’re insecure, can even be outright completely replaced by a compromised device, and are likely a pretty good source of card skimming fraud.
And even if it isn’t compromised, the fee is $WTFPILLAGE.
One of these days I shall have to post my observations on retail store Wi-Fi customer tracking systems… For now though, here is what you can do about them if you have a rooted Android device.
Pry-Fi is a fun little toy for this purpose. It does a couple of things. For one, it can turn background scanning on and off.
Whenever Wi-Fi is on but not connected, your device scans for networks by sending a Wi-Fi probe request on each channel. This probe request contains your device’s unique hardware MAC address. This MAC address is what the tracking systems use to identify you – their business end is a number of wireless access points that monitor for probe requests and relay them on to a mystery server. Here’s what they look like in the wigle.net wardriving app:
Note that 78 of them replied to my probe requests!!
Pry-Fi can usually (hardware dependent) change the MAC address to fool these things into thinking they’ve never seen you before.
Best yet, it has a war mode, so when you know you’d otherwise be tracked, it can flood them with randomized probes!
It’s just kind of awesome. It won’t be able to do anything on a device without root, of course, but if it has access and the Wi-Fi driver lets it change the MAC address, it can work its magic.
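To make the probe-request exposure described above concrete, here is an added example (not part of the original post and not Pry-Fi's code) that parses an 802.11 probe request and reports what a passive listener learns from it. The frames and MAC addresses are constructed samples, and the helper names `build_probe`, `parse_probe` and `devices_seen` are hypothetical.

```python
import struct

BROADCAST = b"\xff" * 6

def build_probe(src_mac: bytes, ssid: bytes = b"") -> bytes:
    """Build a constructed probe request (no radiotap header, no FCS)."""
    header = struct.pack("<HH", 0x0040, 0) + BROADCAST + src_mac + BROADCAST
    header += struct.pack("<H", 0)                      # sequence control
    return header + bytes([0, len(ssid)]) + ssid + bytes([1, 4, 2, 4, 11, 22])

def parse_probe(frame: bytes) -> dict:
    """Extract what a passive listener learns from one probe request."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 management header")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != (0, 4):    # management, probe request
        raise ValueError("not a probe request")
    src, ssid, pos = frame[10:16], None, 24
    while pos + 2 <= len(frame):                        # walk tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:
            raise ValueError("truncated information element")
        if tag == 0 and ssid is None:                   # tag 0 = SSID
            ssid = body.decode("utf-8", "replace")
        pos += 2 + length
    local = bool(src[0] & 0x02)                         # locally administered bit
    return {"source_mac": src.hex(":"), "locally_administered": local,
            "oui": None if local else src[:3].hex(":"), "ssid": ssid}

def devices_seen(frames) -> set:
    """Distinct source MACs, i.e. how many 'visitors' a MAC-keyed tracker counts."""
    return {parse_probe(f)["source_mac"] for f in frames}

# Constructed sample addresses, not real devices.
HW_MAC = bytes.fromhex("001122334455")
RANDOM_MACS = [bytes.fromhex("daa119000001"), bytes.fromhex("5e0c7f000002")]

if __name__ == "__main__":
    print(parse_probe(build_probe(HW_MAC)))
    print(len(devices_seen([build_probe(HW_MAC)] * 3)))          # same device each time
    print(len(devices_seen([build_probe(m) for m in RANDOM_MACS])))
```

A vendor-assigned address keeps the locally administered bit clear and exposes the manufacturer's OUI on every scan, while a changed address with that bit set shows up as a device the listener has not seen before.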