Security Review: Pop Machines

By bcbell at 12:20 am on February 11, 2008 | 5 Comments

While we have access to reasonably priced soda in the ACM lounge or the Benson store, the average person looking for a convenient drink has to shell out between $1.75 and $2 to buy from a pop machine. But why pay if you don’t have to? It is obvious that the manufacturers of these machines have put thought into their security: most machines will hardly let you reach in for the drink you bought, let alone reach up into the machine. Despite this, it is still possible to manipulate the machines into giving away drinks. Is their security good enough for most situations? Is the security too good? Let’s find out…

Assets

  •  Profits for the pop machine’s owner.  Costs associated with security features on the machine are deducted from this.
  • Customer satisfaction.  A buyer should get at least what they paid for, hopefully not more.
  • Ease of use.  The machine should be simple to buy from or both of the above assets will be threatened.  It should also be efficient to stock with more drinks for the same reason.

Potential Adversaries/Threats

  •  Freeloaders and bored kids.  These are the people trying to get more than they pay for, so are obviously bad for business.
  • Power outages.  The machine can’t rely on being powered to provide security.  The outage might be environmental or caused by pulling the power cord.
  • Determined criminals.  These guys might take a free drink, but what they really want is all that money that’s sitting in the machine.

Weaknesses

  • The drink exit hatch.  If something can come out, then something could potentially go in.  This is usually the most obviously protected part of any machine.
  • Mechanics of the delivery system.  Not only do these have to be reliable under normal conditions, they should be resistant to strange conditions such as being tipped sideways, hit with a baseball bat, etc.  A failed mechanical system could (at worst for the buyer) not deliver the paid-for drink or (at worst for the owner) spill out free cans of soda.

Defenses

  •  As we have all seen, the exit hatch can be protected by making it impossible to fit an arm or hand into.  It should also be hard to insert any object like a coat hanger into the opening such that it can damage or manipulate the insides of the machine.  This can be accomplished with one-way hatches up inside the machine that only let drinks out.
  • Building the machine out of metal helps to protect against forceful attacks.  Some machines today are made with clear glass or plastic displays.  These can be nearly as protective as metal if the right materials are used.
  • Just like pinball machines, pop machines might be fitted with tilt detectors.  These can protect against a common attack that involves tilting a machine while it is delivering the drink such that the drink isn’t dispensed properly and the money is refunded.  When another drink is bought you get both the improperly dispensed drink and another one for the price of one drink.
  • Protecting the money in the machine requires multiple levels of security. It may be that the person who stocks the machine is different from the person who collects the money from it.  These multiple levels include different sets of keys, and something like a mini safe to keep all the money in.  On top of it all, the machine itself needs to be secured to the ground so it isn’t simply trucked away.

Conclusion

Pop machines are not especially secure, since a determined person can usually get a free drink or two.  From the standpoint of securing the money in the machine, however, they are much more secure.  Though they are less secure than an ATM, they hold much less money, so a simpler and cheaper design can suffice.  The main problem is providing a secure machine while allowing it to be easily used and reliable for the buyer.  Assuming that the majority of buyers are honest, the amount of money lost to people who get free drinks can be ignored considering the large profit margin for soda.

Filed under: Security Reviews

5 Comments

  • 1
    Comment by alpers

    February 14, 2008 @ 1:47 pm

    There’s been a publicized method on the internet for ‘hacking’ the pop machine as well. Basically, after entering a sequence of buttons on a specific brand of dispensing machine, you can have access to a control panel. There’s a default password of 1234 that is usually never changed, and then the crafty consumer or mob boss can reconfigure the machine – set up different prices, dispense the change, etc. I believe this has been pretty much phased out, but some of the pop machines remain around campus. 🙂

  • 2
    Comment by mgklous

    February 15, 2008 @ 7:08 pm

    you still haven’t told me how to get a free soda!

  • 3
    Comment by nekret

    February 15, 2008 @ 9:06 pm

    I think it’s also worth mentioning the Blackboard card scanners that are installed in all the vending machines on campus. I’ve noticed that these are all hooked up by ethernet in the residence halls. A quick scan of the local subnet reveals that these things run a telnet server for remote configuration and some other (likely proprietary) service on port 9001. Since the 4 vending machines in my hall are all connected by a switch lying on the ground of the vending room, it would be trivial to set up an ethernet bridge and capture all the traffic to and from the vending machines. Hopefully somewhere along the line you could capture the password to configure the device, at which point you could likely point the vending machine to your own blackboard transaction server, which would circumvent the usual draw on your meal plan.

  • 4
    Comment by nekret

    February 15, 2008 @ 9:10 pm

    I almost forgot: in case anyone’s interested, here is a list of the IPs that belong to the vending machines in Mercer Hall:
    128.95.49.176
    128.95.49.157
    128.95.49.88
    128.95.49.14

    They likely can only be accessed on campus due to the default port blocking policy.

  • 5
    Comment by Chad

    February 17, 2008 @ 10:15 pm

    Just the other day the chips I bought got stuck between the racks and the glass as they fell, taunting me as they hung precariously above the receiving tray. As I was looking for ways to get them out, I noticed that the exit hatch was designed so that if you open the main flap to the receiving tray, another flap closes, separating the receiving tray from the merchandise. As stated in the main review, this prevents people from reaching into the vending machine. However, I also noticed that on the very edge of the flap, there was a slight gap between the flap and the machine which is enough space for a coat hanger to be inserted. It would have been easy to make a “U” shape out of a coat hanger, open the flap and insert one branch of the wire horizontally while hanging on to the other branch. After the flap was closed again, the U could have been rotated so that in my case, the chips could be knocked free. I decided that this would take too much work considering that shaking the machine would have the same effect. That being said, if a hook was put at the end of the coat hanger, an adversary could potentially fish out snacks that weren’t simply stuck.
