ATM skimming with a GSM data receiver without any physical contact, is it possible, or is it just fake?. This wireless skimmer does not have to have any physical contact to the ATM/POS Machine, thats what the scammers will keep telling you.
A GSM Data Receiver is a small GSM sdr (Software Defined Radio) receiver which plugs into a laptop via the usb port, which with the dedicated software will receive all ATM card information from the ATM and POS terminals concerned. The received information is stored in a text file on the hard drive, and can be later retrieved, ready for cloning ATM cards. Well the hardware part is real, that does actually exist.
Does a GSM data receiver really work?
Sdr’s specifically the SDR Sim 800C, does in fact actually work at the required frequencies that GSM operate on, so that bit is real. The SIM800C is a complete Quad-band GSM/GPRS receiver that can receive on 850/900/1800/1900MHz GSM frequencies. While it can receive, it can also transmit Voice, SMS and data information. So this piece of hardware for all purposes is real, and is massed produced by a lot of genuine manufacturers. If you see any other hardware that claims to be a GSM data receiver, make sure you can research it and that it does actually operate on GSM channels etc, rather than just a fake device which has had the case removed so you can’t identify it.
Is it possible to decode GSM?
The screenshot below shows an example of GSM data that can be received with the SDR. This was taken with the well known software wireshark which runs on windows OS. You can see some of the GSM information. However you cannot see voice or text message as that part is encrypted.
How to capture live Gsm data.
Using the SDR, you will need to choose which frequencies or channels that are working in the local area. For a lot of countries its the 900 MHz, but in the USA it starts from 850 MHz. There are also channels located in the other parts of bands including the 1800 MHz band, and 1900 MHz band. It changes from country to country.
So, scan until you find a image similar to the waterfall image. When you see one, congratulations, you have found a gsm channel, its that easy.
And what about decoding GSM, surely its encrypted?
Gsm uses the A5/1 cipher and variations of it. In August 2009, Nohl and Krissler spoke about the A5/1 Security Project. They were able to generate rainbow tables which were used to attack and break the A5/1 cipher, which was then used in the interception software provided by the AirProbe project . So this was back in 2009, skip forward to 2022, how technology moves on, so another yes that gsm can probably be broken and decoded.
Is the ATM data encrypted?
ATM’s support the standard 3DES encryption protocol, however some ATMs still support the old style standard DES encryption keys. After 2002 (but before April 1, 2003) any ATM is required to be capable of 3DES encryption, but means it doesn’t have to use this encryption, just have it.
After April 1, 2003 (but before December 31 2005) any installed or replaced ATM will need to be 3DES compliant. This means the ATM must support 3DES as well as have 3DES encryption key installed while operating. In 1998, DES was broken using a computer which was called the DES Cracker. It managed to break DES in less than 3 days, and that was back in 1998.
So Yes the ATM protocol can be broken as well as GSM can be decoded, so now we’re on a roll.
So far we have now seen that the hardware (GSM data receiver) is available to receive the GSM channels, and that GSM is decodable, and that DES, the ATM cypher is crackable too.
Do you get the feeling that this is going somewhere now??
So is there something that will do this?
Various projects, hack attempts, decoders all claim to do this. But ask the question, are they real, do they identify the hardware so that it can actually be done. There are many offerings out there, but we have found one such device that may actually do this, and fits all the criteria. Is it real, take a look below. We also list some devices that are so obviously fake, a child could spot it.
The below software claims to use the Sim800c, is it real or not? Well its using the correct hardware. And if you look at the buttons on the software, it does in actual fact show the receive channels, listen and extract packets etc. Is it real, this one may actually be a real GSM data receiver.
An easily spotted fake gsm data receiver below, turns out to be a drone receiver instead. No usb computer connection port. Don’t buy it, don’t get scammed.
How about this one, turns out to be a TPLink wifi adapter.
Be warned, gsm data skimming of an atm is highly illegal, so don’t be tempted to either try it, or even buy one, you will get caught. Also there are probably more fake devices and scammers out there than real ones, so trying to obtain one, would be extremely difficult. You will just end up losing your money, or going to jail, and considering these things are 1000’s of dollars, it’s a lot to lose.