Friday, January 24, 2025
HomeInfosec- ResourcesUndetectable ATM "Shimmers" Hacker's Latest Tool for Steal your Chip Based...

Undetectable ATM “Shimmers” Hacker’s Latest Tool for Steal your Chip Based Card Details from POS Terminal

Published on

SIEM as a Service

Follow Us on Google News

Latest warning coming out from Canada about sophisticated ATM skimming called “Shimmers”  targeted chip-based credit and Debit cards to steal your entire card information form POS(Point-of-sale) terminal.

Basically many skimming devices record your card information in plain text on the magnetic stripe on the backs of cards.

Last Year November ATM based Skimmer has been detected a threat on ATM fraud devices known as “insert skimmers,”these thin data theft tools made to be completely hidden inside of a cash’s machine’s card acceptance slot.

In this case a chip-based device called shimmer has used in POS Machine which is used in Retailed store and other public areas for customer to make payment.

Earlier of this Const. Alex Bojic of the Coquitlam RCMP economic crime unit Published an Article said, Shimmers have rendered the bigger and bulkier skimmers virtually obsolete,

” A shimmer, on the other hand, is so named because it acts a shim that sits between the chip on the card and the chip reader in the ATM — recording the data on the chip as it is read by the ATM.”

They’ve already started popping up earlier of this Year in Canada and now police are warning ATM users around the world to be alert who all are using POS(Point-of-sale) Terminals.

Shimmers could be used to clone a magnetic stripe card.but its cannot used be used to fabricate a chip-based card.

The shimmers work by fitting inside a card reader. Once installed, the microchips on the shimmer record information from chip cards, including the PIN.

Also Read :  Advanced ATM penetration testing methods

What is  iCVV ?

iCVV Refers integrated circuit card verification value or “iCVV” for short — also known as a “dynamic CVV.”

The iCVV differs from the card verification value (CVV) stored on the physical magnetic stripe, and protects against the copying of magnetic-stripe data from the chip and using that data to create counterfeit magnetic stripe cards.

some banks have apparently not correctly implemented the chip card standard, known as EMV (short for Europay, Mastercard and Visa). so shimmers takes place and performing these attack.

Possible way to successful this Attack

ATM giant NCR Corp wrote in a 2016 alert ,The only way for this attack to be successful is if a [bank card] issuer neglects to check the CVV when authorizing a transaction.

“All issuers MUST make these basic checks to prevent this category of fraud. Card Shimming is not a vulnerability with a chip card, nor with an ATM, and therefore it is not necessary to add protection mechanisms against this form of attack to the ATM.”

That information is later extracted when the criminal inserts a special card — also during a purchase or cash withdrawal — which downloads the data. The information is then used to make fake cards.

“You can’t see a shimmer from the outside like the old skimmer version,” Bojic said in a statement .Businesses and consumers should immediately report anything abnormal about the way their card is acting … especially if the card is sticking inside the machine.”

Customers using the tap function of a chip card is one way to avoid being “shimmed.”It’s actually very secure. Each tap transfers very limited banking information, which can’t be used to clone your card.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Android Kisok Tablets Vulnerability Let Attackers Control AC & Lights

A startling security flaw found in Android-based kiosk tablets at luxury hotels has exposed...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

Beware of Fake Captcha Verifications Spreading Lumma Malware

In January, Netskope Threat Labs uncovered a sophisticated global malware campaign leveraging fake CAPTCHA...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Is this Website Safe: How to Check Website Safety – 2025

is this website safe? In this digital world, Check a website is safe is...

LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome...

PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

GBHackers come across a new ChatGPT-powered Penetration testing Tool called "PentestGPT" that helps penetration...