It seems that [Limpkin] was up to no good this weekend. He decided to snoop around inside a smart-card laundry machine. He posted about his larceny adventure and shared the details about how card security works with this machine.
We’re shocked that the control hardware is not under lock and key. Two screws are all that secures the panel to which this PCB is mounted. We know that machines using coins have a key lock, but perhaps there isn’t much need for that if there’s no currency to steal. [Limpkin] made a pass-through connector for the ribbon cable coming in from the card reader. That’s the rainbow cable you can see above and it’s being fed to his logic sniffer. He used the ‘card detect’ signal as a trigger and captured enough data to take back to his lair for analysis. Using what he found and a Bus Pirate to test the smart card he laid bare all the data that’s being sent and received by the controller.

Filed under: security hacks