A few words of warning. OK, more than a few but I think they’re important.
There is a new very bad kid on the block called BlueBorne, aimed at Bluetooth devices. More info below.
As for the Fuel Pump Skimmer app, which uses Bluetooth…
You’ve got to love the fine print that comes with it:
Notice: Using this app may authenticate your Android device to illegally installed skimmers. Please check your local laws before installing this product. There is implicit risk associated with publicly reporting crimes. Consider these risks before using the app. The effective range of this app varies by phone and by skimmer. For best results, hold your phone close to the gas pump. Also, please keep in mind that failure to detect an HC-05 based device does not guarantee there is no skimmer present. There's always a risk to sticking your card in a strange machine.
I thought we’re supposed to turn our smartphones off when filling up, let alone sticking them next to a petrol pump.
The following are quotes from the Armis website regarding BlueBorne:
BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks.
The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active. Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with. This means a Bluetooth connection can be established without pairing the devices at all. This makes BlueBorne one of the most broad potential attacks found in recent years, and allows an attacker to strike completely undetected.
Armis has its own app that can check if your Android device is ‘at risk’, as well as any others near where you are:
Android users: To check if your device is at risk or if the devices around you are at risk, download the Armis BlueBorne Scanner App on Google Play.
https://www.armis.com/blueborne/
My thoughts on all of this? If you don’t need to be using Bluetooth, make sure that it’s turned off. That includes Android phones, smart TVs, etc.