On Mon, 25 Jun 2001, John Doe #N wrote:
http://www.msnbc.com/news/589575.asp ... Visa International and other terminal makers caution that use of the James Bond-esque device is hardly widespread.
I can't imagine why not. It's not as though the hardware is difficult to fabricate or purchase, and driver source code is just all over the place for free. Here's a convenient package with all the electronic parts necessary, selling for under $80. http://www.register5.com/register5/magmin.html (You can probably find it cheaper, that's just the first place I looked) Add a microdrive and one of those PC-on-a-chip things with a 386 plus minimal hardware and a teeny linux distribution, like you can find at http://www.tiqit.com for under $1000, then download the appropriate driver from the reader manufacturer, compile it with gcc, and you're in business. It would take about two days to build this device, cost under $1500, and the driver is so dead-simple it's probably no effort at all to port, but allocate another day of work for that. After that it's just a matter of dumping the info to the hard drive and writing a script to phone home once in a while. Any geek with about $1500 to spend and a few days to put it together could build the equivalent device; don't marvel at the high-tech, 'cause card-reader drivers are publicly available, even simpler than a keyboard driver, and the hardware is prefab. The only remotely-interesting question is how and when did the perps get private access to the gimmicked card readers? Or were the card readers compromised before they were installed? If you've got an hour or so with a good scope, you can even save yourself the cost of the card reader and associated fab problems mounting it into the card reader machine; just tap the relevant wires from the card reader that is already installed in the device. However, this would require you to write your own driver and put some diodes on the lines so you don't interfere with the other system driving the mag readers, so it's technically harder. Bear