I have always been interested in security in connection with computers. In the last couple of weeks I have tested the durability of a local library's security system, in connection with loss prevention and patron liability. I will discuss three major oversights in this particular library's implementation, and maybe offer a few suggestions.
Disclaimer: Do not attempt to do anything I do, or say. I have no idea, but such activity may be incriminating. This blog is only a proof of concept, not a means of material or identity theft. It is only for information about how terrible this library's security system is!
First off, let me start with the main focus of the attack. We have the
3M™ SelfCheck™ System V-Series self-service book check out station. Through empirical testing I have found that is it a V1 model (which will become obvious later). To use one of these machines you first scan the
barcode on your library card, then slide the book along the V shape up to the
barcode reader, and it simultaneously desensitizes the
TattleTape security strip in the spine of the book and scans in the
barcode of the book. You can then press 'print receipt' on the touchscreen to print out the receipt of your checked-out book, or scan more books then print the receipt.
I tested how durable the system is in many ways: