Reverse Vending Machine (RVM) Security: Real World Exploits / Vulnerabilities
With the plans of increasing the number of reverse vending machines in Europe, it is relevant to take a look at the implemented security mechanisms of such vending machines [1,2]. Currently, in Austria, most stores provide such machines for the return of glass bottles, however, the government wants to also have an addition of vending machines for plastics. Security plays an important role with these machines, as they exchange the bottles for money and an insufficient security mechanism could allow attackers to practically print money. It is not uncommon for such machines to be targets of malicious actors. [3,4,5] We took a look at the vending machines present in most supermarkets in Vienna and figured out that some machines are not secured enough. In many cases, we found that the generated receipts – used at the cash register to be exchanged for money – are not secure enough. By analyzing several previously printed receipts, attackers can use an ESC printer to create forged receipts. Furthermore, we tested our attack with one store and were able to exchange our forged receipt for real goods.