Hacking Wal-Mart

56gf2017.jpgRecently I read an article in 2600 magazine that described a bug in Wal-Mart’s automatic check out machines. I found this really interesting as I have discovered a bug in the machines myself. Before I get to that, I will describe the bug that was written about in 2600 volume 22 # 3. This bug described a situation where you could check out items and insert a bill to pay for the item. The machine then displays the message do not insert coins. You then ignore the prompt and insert coins, which gives you the item nearly for free. I have not yet tried this but I would be curious to try it out. The writer in 2600 stated that this was discovered by accident but could be repeated if the correct steps were followed.

I myself found another flaw with these Wal-Mart U-scan machines.During my last spring quarter in college I was in a class that required me to scan a barcode located on my student id. I had to scan this card any time I entered or exited the class. I got really tired of digging my student id out of my wallet, so I made a photocopy of the barcode and attached it to a bracelet. The bracelet seemed to work well I could simply scan my wrist to enter or exit class with out having to dig through a bunch of cards. A few days after creating this barcode bracelet, I went to Wal-Mart to pick up some groceries. After picking up a few item I went to the self-check out and scanned a few items, it was then I remembered the barcode bracelet that I had made. The curiosity was too much to stand I scanned the barcode on my wrist and to my surprise the Wal-Mart system froze up. Shortly after I notified a Wal-Mart employee. The system required a 4 digit password to override the error and the assistant placed this in right in front of my eyes. Being one who is fascinated with security I recognized this right away as a security risk. If I was able to cause this machine to freeze to the point it required an override code then this same technique could be used to exploit this flaw.

Atom 1.0 Feed

Advertisements

~ by hackcraft on August 2, 2006.

16 Responses to “Hacking Wal-Mart”

  1. pls send me 3 visa card numbers and their code numbers. send them soon pls. i need them.
    contact me:win24as@yahoo.com
    soon pls!

  2. Here is a great site to find anonymous proxy

  3. the u-scan runs on windows, and it has a “remote attendent” the u-scan is very hackable if you know what your doing. i work at the grocery store i can screw with it so badly if i wanted to.

  4. yeah, but that code is exclusive to the cashier. anyone who worked for a pick n save or walmart will know that when you sign on to a terminal, you need numbers. if you try and use the numbers you saw, you wont get very far if the same person isnt working there. and if there is an instance where you need a code entered, the parent terminal (worked by a walmart cashier) will warn them.

  5. this is cool tell us some more hacks

  6. FYI
    ——————————————————————-
    Price checker:
    If you unplug it and plug it back in it reboots. I has Windows CE on it. You have to manually put into kiosk mode after boot up. You could use it for something other than checking prices.
    ——————————————————————-
    Gift registry:
    Up in the top right corner there is some letters. Click those it goes to a login page.
    ——————————————————————-
    Self Checkout:
    I’m not sure how to get past login, but it runs on Windows XP.
    It has Internet explorer and a hole bunch of nice stuff.
    While one of the ncr service men is not paying attention you could use it while it is not in kiosk mode.
    ——————————————————————-
    Customer service computer:
    It uses Remote Desktop so you could do something with that.

  7. […] this was discovered by accident but could be repeated if the correct steps were followed." SOUCRE Anyone ever try/do this? I may attempt tomorrow if im bored enough […]

  8. Hacking the self checks is a funny idea, except that all of them are secured. Any over-ride that goes through these have to be approved and they are logged and recorded on video. If you want to hack the self checks go ahead, but the chances are that you will only do it once!

  9. Learn about computer security and hacking. Learn to hack computer administrator password.Find ethical hacking traning.Learn all about anonymous hackers

  10. please can u send a valid visa card 2 use online

  11. DOES IT WORK,

  12. Please can you send me a visa card VBV so that i use it to shop at walmart…Please mail it to be and when you have a sit too you can add it

  13. PLEASE SEND ME A CARD

  14. Would you say that Target and Home Depot are “bush league” because their systems got hacked? Do you have a background or some expertise in eCommerce systems? If so, I’d like to hear your technical description of why one system is better than another, and I’m not being facetious.
    Word Barcode

  15. Have a gift card? Let’s say from meijer a? Must use self checkout.

    1) return stolen items for 100$ gift card
    2) pick up a 5$ shirt and a 98$ kitchen appliance or whatever as long as it’s a few bucks over (goal is to have items equal >100; like 103$, etc. )
    3) scan both items and total will be 103$/or like, etc.
    4) pay for items w gift card: hit checkout, press pay w gift card, swipe card.
    5) machine now says u owe 3$.
    6) act like u forgot credit cards, etc.
    7) tell cashier to take off 98$ or most expensive item.
    8) after she removes item the machine can’t put your change back onto gift card so it gives u cash.
    9) must follow steps exactly!! Some cashiers notice some don’t. But always act stupid if they do. Usually u can just walk away w your cash.

    • I’m pretty sure they would just cancel the whole transaction and then make u ring up your $5 shirt agaim.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: