SWR Contactless at Ticket Machines

crablab · 25 September 2017 09:24

I’ve seen a few mentions of this around the forum but not a thread so if there is a dedicated one, feel free to merge!

I’ve tried to buy tickets from SWR ticket machines 4 times recently, and every time I use contactless I get an error on the card machine (but no notification in app):
IMG_20170923_053603

BUT the best bit is (not that apparently I have loads of money in my account - I don’t!), this also crashes the ENTIRE ticket machine which then goes out of service and reboots:
IMG_20170924_203929

As I say, I’ve had this 4 times on 4 different machines in two different stations - has anyone else had problems like this? (Note: chip and pin first time works fine, if you pay by contactless then try to pay by chip and pin you won’t be able to because the machine will have frozen)

sgetliffe · 25 September 2017 09:42

I’ve had this recently too, on numerous machines all around the South, it is a cool trick though, it just sends the entire machine into meltdown!!

Doherty · 25 September 2017 11:32

Ha, I have never crashed the entire machine. Looks fun though.

However I have tried many times to buy my ticket using contactless at Egham station (SWR). It never works yet chip and pin always works. Strange. Plus When the south West Trains franchise was sold to the South Western Rail recently the location of the transaction has since been displaying as a random pub somewhere in scotland. Very odd.

mrw34 · 25 September 2017 12:06

I haven’t used Monzo but contactless hasn’t worked for me on the two occasions I’ve tried with my MasterCard credit card (both directly and Apple Pay). Had to use PIN. Didn’t crash the machine though…

Whizz · 25 September 2017 12:33

Hi, what card / device did you use ? I know its a daft question, but is it one you use elsewhere successfully too ?

As in Visa / MasterCard / ApplePay…

jrmurray86 · 25 September 2017 12:59

Now if only we could organise a mass crash of every machine then they might pay attention to it

anon23935806 · 25 September 2017 13:39

This is worrying - causing the whole machine to crash would probably mean there’s a way to execute code on the machine with a malicious card.

Whizz · 25 September 2017 14:04

Or just the card readers response to the contactless chip has a problem and stops, locks the communications to the point of sale, so it has to be rebooted to recover.

Saw something similar with a German issued card on UK VeriFone VX810 PEDs a few years ago, it took a while, but we managed to work out that the name of the card was padded the wrong way and caused the reader to fall over.

I expect someone has read the specs differently to someone else and the card / device works on other hardware, but when ever it comes in contact with the stuff under the hood at the station causes issues.

crablab · 25 September 2017 14:35

I’m pretty sure that’s possible actually on some badly designed POSes.

jamieps · 25 September 2017 19:07

I reported this on the in-app chat (with a photo of the great Windows 7 ‘Welcome’ screen) and they said they were looking into it. I’ve also had issues with contactless on other Verifone terminals.

TonyHoyle · 25 September 2017 21:04

Some even run javascript on top of IE… https://pbs.twimg.com/media/DKLeKUZWsAEcrWp.jpg

An ATM compromise is just a matter of time I think, but banks take security semi seriously so it hasn’t happened yet.

anon23935806 · 26 September 2017 07:54

Better, use the exploit to put something like Cryptolocker or similar malware on the machine…

dannn · 26 September 2017 08:14

Had a similar experience on two London Midland machines this morning, but I also seemed to have funds taken out of my account.

I don’t think the people waiting behind me were quite as impressed as I was that I’d managed to shut down the only two ticket machines, or that I seemed to have £14m in my current account.

nanos · 26 September 2017 08:58

No, it has happened multiple times already. Of course often one has to ask whether what’s described as hack really is a hack, but given that some ATMs have USB ports, others are WiFi connected, and a very large number still run Windows XP - well …

These are just the stories that I remember off the top of my head from the last few years, and am still able to find without wasting too much time. I’m sure there is more…

It would be cool, though, if someone produced a hack that worked simply by inserting a specially crafted credit card. I haven’t heard of that yet…

gordonjb · 26 September 2017 09:23

Yeah I had it just not accept contactless before (on the prepaid card), never had it reboot!

crablab · 26 September 2017 10:29

That’s certainly what I was looking for There are some good Defcon talks on hacking ATMs

Interesting. If this over multiple TOCs then this implies it is an issue with the manufacturer of the machines (Scheidt & Bachmann)

wjbr · 27 September 2017 18:38

Can you provide the date, time and the station name where this happened?

I’ve asked SWR and they said they will investigate it.

anon44204028 · 27 September 2017 18:47

These machines run on obselete Windows XP and although installed since 2004 incorporate technology from the 1990s.

crablab · 27 September 2017 19:08

The one I rebooted didn’t - it was Windows 7!

I’ve already tweeted them about it so hopefully they should get it sorted

The more people that moan, the more likely they are to accept it is an issue with their machines.

MikeW · 27 September 2017 20:25

We had exactly that (huge balance and reboot) at Witley station Monday morning but with a different brand of pre pay card!