The complex the machine, its probability of getting hacked increases. Recently, an Italian hacker Matteo Pisani hacked the payment system used by the vending machines
The vending machines are installed by Argenta, a popular coffee services provider in Italy, now acquired by the Selecta Group B.V… While inspecting the working of the machine’s payment system, Pisani found a way to get free credit using a mobile app.
The machine’s payment system supports Bluetooth Low Energy (BLE) and Near Field Communication (NFC) technologies, it enables a user to connect them to the machine as well as make payment using their smartphone.
“With a macro inspection of all the reversed sources I found huge portion of clean code — without obfuscation — that meant no great counter-measures adopted to protect user data and make the App secure at all,“ Pisani notes.
Prior to making the findings public, Pisani had informed the company about the flaws in their payment system.
“I gently suggested them to toss the current architecture and develop a better and secure one from scratch,” the hacker says.
The researcher has even uploaded a video titled “How I hacked modern Vending Machines” on Youtube explaining the flaw.