EEVblog #687 - EFTPOS PIN Pad Terminal Teardown

[EEVblog]

What's inside a smart card pinpad EFTPOS terminal?
Dave looks at the anti-tamper mechanisms inside a Sagem Monetel secure PIN pad

DS5240 High-Speed Secure Microcontroller
http://datasheets.maximintegrated.com/en/ds/DS5240.pdf

MAX32550 DeepCover Secure Cortex-M3 Flash Microcontroller
http://datasheets.maximintegrated.com/en/ds/MAX32550.pdf

http://www.onsemi.com/pub/Collateral/NCN6004A-D.PDF

[josem]

Very interesting ( and I love the 50 fps video!).

Just a note, those SIM slots aren't actually for mobile network access, they're Secure access module (SAMs) used as secure elements for the encryption.

See https://en.wikipedia.org/wiki/Secure_access_module for an overview.

[max_torque]

Wouldn't each individual unit need to authenticate itself with the EFT network?  That way, no one can just substitute a hacked device in place of an existing device?

[mikeselectricstuff]

The SIM slots are to do with the security/payment processing stuff - they use the same type of smartcard.   Probably just one of them is for the optional GSM modem
Here's a Teardown I did a while ago - this one has more anti-tamper features

[G7PSK]

There was a program on TV a couple of months back about chip and pin machines, the TV company got a hacked unit from a man in Canada, the hacked unit would then send out all the card info and the person who purchased the machine could the access the information on the web. It only took about 24 hours from contacting the man in Canada to the reporter receiving the unit. What I understood from the program was the machines were being reprogrammed in some way. Apparently many restaurants are using such machines.

[Sionyn]

ive posted these here before





This is a good introduction into SIM type smart cards

[coppice]

Why does Dave keep going on about potting? Potting only slows people down for an hour or two.

[Sionyn]

here's a example of a high profile attack, these machines were compromised during manufacture
http://www.telegraph.co.uk/news/uknews/law-and-order/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

[mikeselectricstuff]

Why does Dave keep going on about potting? Potting only slows people down for an hour or two.

Yes, but if they embed a tamper-detect mesh in the potting it gets a lot harder.
Having to keep everything powered during depotting also limits options.

[Fungus]

Wouldn't each individual unit need to authenticate itself with the EFT network?  That way, no one can just substitute a hacked device in place of an existing device?

Thieves don't care if somebody else receives your payments for a while.

Edit: All they need is access to your machine long enough to install a recording device for card swipes and keypresses. They swap yours for another one that looks the same, take yours to the bathroom, hack it, then swap it back again.

[Fungus]

Why does Dave keep going on about potting? Potting only slows people down for an hour or two.

Presumably you have to keep the thing powered up while you de-pot it. That makes it very difficult to just dump the PCB in some solvent.

[Fungus]

On a related note, how would you go about hacking this device?

The first switch looks easy enough to defeat if you know where it is. You just drill a tiny hole in the side of the machine and put in a clip to hold that piece of red plastic in place while you take off the top cover. That lets you install the 'card details' recorder, no problem.

The keypress recorder seems a lot harder to install. Any ideas?

[SeanB]

I took one apart a while ago, still have the bits around I see in a box.

Here is a similar protection method, used in a postal meter to store the postage purchased.


IMG_1225 by SeanB_ZA, on Flickr


Under small cover by SeanB_ZA, on Flickr

Here is the card terminal main board, every board has a battery on it for back up.


underside by SeanB_ZA, on Flickr


remote board underside by SeanB_ZA, on Flickr


chip card interface top by SeanB_ZA, on Flickr


pots modem board top by SeanB_ZA, on Flickr

[coppice]

here's a example of a high profile attack, these machines were compromised during manufacture
http://www.telegraph.co.uk/news/uknews/law-and-order/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

I've read about that one before, and its bizarre. The critical silicon in machines like this are developed by trusted teams, in trusted labs. The chips are made in trusted fabs, which cst a fortune to qualify as trusted. No module designs may be imported into the chip design, unless they come from another trusted team. It seems after all this care is taken with the chips they just got "some guys in China" to assemble them into a product.

[EvilGeniusSkis]

On a related note, how would you go about hacking this device?

The first switch looks easy enough to defeat if you know where it is. You just drill a tiny hole in the side of the machine and put in a clip to hold that piece of red plastic in place while you take off the top cover. That lets you install the 'card details' recorder, no problem.

The keypress recorder seems a lot harder to install. Any ideas?

dremal a slot in the side of the case and slide a piece of something conductive under the keypad to complete the circuit for the security buttons.

[SAI_Peregrinus]

Tarnovsky's talk on hacking a TPM. What sorts of tamper-proofing one can get through generally is simply a matter of time and budget. FIB workstations are in the millions of dollars.

http://krebsonsecurity.com/category/all-about-skimmers/

Brian Krebs' site has good info on card skimmers.

[Supercharged]

On a related note, how would you go about hacking this device?

The first switch looks easy enough to defeat if you know where it is. You just drill a tiny hole in the side of the machine and put in a clip to hold that piece of red plastic in place while you take off the top cover. That lets you install the 'card details' recorder, no problem.

The keypress recorder seems a lot harder to install. Any ideas?

Maybe drill a hole next to the security switches and try to connect them (using solder paste or something).

[SeanB]

I actually have some of those sim like modules, came from a payphone.

[nitro2k01]

That unpopulated connector near the big exposed ground plane looks like a PCI connector, which would be used for the optional GPRS module. The unpopulated stuff on the other side is likely just power conversion for said module.

[Fungus]

On a related note, how would you go about hacking this device?

The first switch looks easy enough to defeat if you know where it is. You just drill a tiny hole in the side of the machine and put in a clip to hold that piece of red plastic in place while you take off the top cover. That lets you install the 'card details' recorder, no problem.

The keypress recorder seems a lot harder to install. Any ideas?

Maybe drill a hole next to the security switches and try to connect them (using solder paste or something).

Leaving holes/marks on the top is probably bad. Somebody will notice. You might be able to go down the gap at the side of one of the adjacent keys though, or just rip one of the adjacent keys out to get access and replace the whole keyboard membrane when you're done hacking.

Or ... maybe you could push a syringe needle through one of the adjacent keys and get there that way. Inject some of that silver paint they sell for repairing PCB traces onto the PCB.

I notice there's an exposed contact all around the security pads. It probably trips the switch if you short one of the pad's contacts to that. This would prevent you sliding conductive things under the membrane to make a contact. It also means you'd have to be very precise with your syringe (or whatever).

[alxnik]

SAGEM, the company that used to make them was bought by ingenico, so this is the last SAGEM branded model. It's obsolete by 2 generations since generally these things go out of style (and certifications) very quick. This specific device cannot be installed in europe anymore since it's not allowed by the PCI.

These things are serviceable by authorised dealers. Easy stuff, change the board, change the printer etc. In order to have it running again, you need to use a comissioning process which inject the keys inside using specialized tools. So no, these are not 1 use only.

Now on the security side. When there is a security breach, the only thing that gets erased are the banking keys (and a big flashing key on the screen when it powers on). Without the banking keys, no transaction can happen. Practically there is no way to steal the banking keys themselves (even after bypassing the security) apart from depotting the cryptoprocessor or something. It's true that the cryptoprocessor is sensitive to voltage, temperature and humidity variations, which makes even depotting practically impossible.

The main reason for the banking keys are to protect the PIN itself. The cleartext pin only has to travel between the pinad (physical keypresses) and the cryptoprocessor where it gets encrypted. The whole idea of tamper resistant and tamper evident is that if a person tries to install a skimming device, the POS stops working altogether (and the big flashing key thingy...). The magstripe data are irelevant to the security since it can be easily stolen anyway if magnetic stripe is used (mainly USA, europe moved away).

The SAM slots which are used to insert smartcards are mainly for legacy applications since they were used as encryption devices in the olden days (10 years ago?), but because of PCI nowadays the only device that is allowed to be used as an encryption device is the secure cryptoprocessor.

The USBs on the side are indeed for software loading.
The applications (firmware) that are installed need to be cryptographically signed which means that:
a. only authorized persons can install software
b. if malicious software is found, its source can be found

Can it be hacked? Probably. I have personally worked in the industry for some time and I have never seen or heard of a PCI certified EFTPOS terminal being hacked into a skimming device or whatever. Usually the easier targets are the ATMs or the less secure EFTPOS terminals that are used in the US.

One interesting bit. Although I personally haven't used this feature and I am not 100% sure about it, I think the big cap is used as a micro-UPS. When the power is cut, the banking application gets a "power is cut" interrupt which gives it just enough time to save the state it's in. This is very useful so that no wrong bank charges happen.

[Fungus]

Tarnovsky's talk on hacking a TPM. What sorts of tamper-proofing one can get through generally is simply a matter of time and budget. FIB workstations are in the millions of dollars.

Good video.

[Noah]

Wow, first time i see a board with a layermarker outside my company. So we are not the only one who still put them on the pcb.

My idea for hacking would be clipping the first tacktile switch, open the case and then try to probe some vias and sniff on the traces of the keypad.

[EEVblog]

Why does Dave keep going on about potting? Potting only slows people down for an hour or two.

Presumably you have to keep the thing powered up while you de-pot it. That makes it very difficult to just dump the PCB in some solvent.

Yes, that's the whole idea. The keys are in SRAM and you can put extra anti-tamper in the potting. Should have mentioned that.

[EEVblog]

I've read about that one before, and its bizarre. The critical silicon in machines like this are developed by trusted teams, in trusted labs.

This is all part fo the standard, which as I briefly mentioned included the handling and management of device as well.

[ovnr]

I really enjoy the 50fps stuff. Much nicer.

(Personally, I'd have upsampled everything to 60fps (at least for the mailbag, given that the main cam for that is apparently 60fps?), rather than downsample to 50. PCs have to repeat the same frame every 6 frames or so when playing 50 fps video.)



Anyhows! The top board with the unpopulated area is actually a DC/DC converter - see below. It's probably used for an optional battery-powered model.

[nitro2k01]

ovnr: See my comment above. The DC/DC is likely specific to the GPRS module.

[coppice]

I've read about that one before, and its bizarre. The critical silicon in machines like this are developed by trusted teams, in trusted labs.

This is all part fo the standard, which as I briefly mentioned included the handling and management of device as well.

So, what happened in that UK case? There was no mention of the Chinese contract manufacturer being a trusted assembly house who were compromised by criminals. They appear to have been just the average kind of contract assembly place, compromised by criminals. Were the standards ignored when that manufacturer was chosen, or are the holes in the standards?

[(In)Sanity]

You know what they say about opinions,  well here comes one.

I found myself fast forwarding until I actual could see some circuit board.  The beginning of this video was "as boring as bat shit".    I love tear down video's,  they rock.  This one,  not so much.   I'll admit it got better toward the end.   

Find some more test gear to tear apart,  something people might actually own or can relate to.   

Things not to tear apart:   Cell phones,  calculators,  remote controls,   etc.   If it doesn't have a power supply inside..it might end up just being boring.    Survey the populous,  find out what kinds of stuff people want to see.

Hey,  just my two cents. 

Jeff

[nitro2k01]

Things not to tear apart:   Cell phones,  calculators,  remote controls,   etc.   

I don't really agree. Such simple things don't necessarily need a one hour waffle session, but they are excellent for some historical context, ie an example of electronics design used to be like. A quick look inside even a simple item is often interesting in that you may notice some minor detail you didn't know about.

[(In)Sanity]

Things not to tear apart:   Cell phones,  calculators,  remote controls,   etc.   

I don't really agree. Such simple things don't necessarily need a one hour waffle session, but they are excellent for some historical context, ie an example of electronics design used to be like. A quick look inside even a simple item is often interesting in that you may notice some minor detail you didn't know about.

Ok,  I'll agree on that basis.  But yes let's not spend 30 minutes looking at stuff that's just become obsolete.   Now take apart the worlds first cell phone and that's great.   If it has historical value it's fair game.

Jeff 

[NickS]

The keypress recorder seems a lot harder to install. Any ideas?

Pull buttons out through their own hole. Just cut/tear the sillicon membrane and pray you don't dislodge the tamper one.

Then make your own individual buttons which look the same with a tap on each one, little bit of glue and push it in to the hole.
Do a neat job and no one would notice without looking closely.

[Angryfeet]

That unpopulated connector near the big exposed ground plane looks like a PCI connector, which would be used for the optional GPRS module. The unpopulated stuff on the other side is likely just power conversion for said module.

Yes, Sagem also make GRPS modules.

[coppice]

That unpopulated connector near the big exposed ground plane looks like a PCI connector, which would be used for the optional GPRS module. The unpopulated stuff on the other side is likely just power conversion for said module.

Yes, Sagem also make GRPS modules.

and GSM phones, and FAX machines, and utility meters and many other things. They have quite a low profile for a company with such a wide range of activities.

[phenol]

The printer inside has 384 pixels, 200dpi resolution, paper advance pitch is 0.0625mm, can print at almost 100mm/s ...still in production today

[G7PSK]

That unpopulated connector near the big exposed ground plane looks like a PCI connector, which would be used for the optional GPRS module. The unpopulated stuff on the other side is likely just power conversion for said module.

Yes, Sagem also make GRPS modules.

and GSM phones, and FAX machines, and utility meters and many other things. They have quite a low profile for a company with such a wide range of activities.

I had a Sagem fax machine, actually several as they had a habit of blowing up quite literally, I had to throw one out of the office window in flames. At the time in the 90's Sagem was part of the French Nuclear industry and as such state owned.

[senso]

Not a pin pad terminal, but also in the mood of the topic:

[Howardlong]

At 07:10.

Here ya go...



For black ends, use a silver calligraphy pen.

Overpaint with clear varnish, or pinch the wife's clear nail varnish.

[delmadord]

The printer inside has 384 pixels, 200dpi resolution, paper advance pitch is 0.0625mm, can print at almost 100mm/s ...still in production today

I am currently on a project involving one of these (or maybe similar, just thermal printer). How much effort it takes to get them running from a linux board, if they come from Alibaba (that means less change of proper datasheet), please?

[Fungus]

Here ya go...

For black ends, use a silver calligraphy pen.

Overpaint with clear varnish, or pinch the wife's clear nail varnish.

For that price you'd think they could print it on there for you...

[max666]

I know you didn't ask, but may I give you my opinion about your opinion =p
(I’m not intending to attack your opinion, just trying to represent others as well, in case Dave is watching)

...I found myself fast forwarding until I actual could see some circuit board.  The beginning of this video was "as boring as bat shit"....

Ok, I get you like seeing naked circuit board; well I enjoyed the foreplay. Not everyone is familiar with every devices Dave is tearing down, so some context on why things are the way they are can be quite helpful.

...,  something people might actually own or can relate to.  ...

But if you only watch teardowns of things you own or can relate to, wouldn't that just be a recipe for boring teardowns?

...  If it doesn't have a power supply inside..it might end up just being boring. ....

What is it about not having a power supply that makes a product inherently uninteresting? Especially since the power supply is probably the first thing that gets boring after you've seen one or two.

[(In)Sanity]

I know you didn't ask, but may I give you my opinion about your opinion =p
(I’m not intending to attack your opinion, just trying to represent others as well, in case Dave is watching)

...I found myself fast forwarding until I actual could see some circuit board.  The beginning of this video was "as boring as bat shit"....

Ok, I get you like seeing naked circuit board; well I enjoyed the foreplay. Not everyone is familiar with every devices Dave is tearing down, so some context on why things are the way they are can be quite helpful.

...,  something people might actually own or can relate to.  ...

But if you only watch teardowns of things you own or can relate to, wouldn't that just be a recipe for boring teardowns?

...  If it doesn't have a power supply inside..it might end up just being boring. ....

What is it about not having a power supply that makes a product inherently uninteresting? Especially since the power supply is probably the first thing that gets boring after you've seen one or two.

Devices with internal power supplies tend to be more complex and/or often analog in nature.  Seeing a device that consists of nothing but high density surface mount IC's and a few bypass caps is about as boring as it gets.   Even scope and spectrum analyzer tear downs have analog components and explanations that go along with that part of the circuit.   

Tear apart a modern PC,  what's the most interesting part of the entire thing,  the mufti-phase power supplies running the big boring chips.   The power supplies themselves and perhaps some thermal management.   

Cool stuff is stuff that can be broken down and explained,  not looking at an ASIC and saying..hey that does it all right in that one chip.    This is not to say Dave has done this,   at least not intentionally.   

I'm sure everyone has opinions about what they like and don't like to see,  I'm just expressing mine.    My favorite tear down video's so far I believe were the old analog scopes.   Blast from the past of something I don't own and that has character and substance.    My next favorite were the various power supply tear downs.   Looking at how they handle higher voltages and thermal management.

What's your favorite tear down ?

Jeff

[RobertHolcombe]

Sorry about the dodgy photos, I just took them quickly today while work was quiet. Two model PINPads from the same manufacturer, using essentially the same method of tamper detection. The first two pictures are an older model, we commonly replace them due to entering tamper mode, as well as the contactless/paywave readers failing - the RFID module attaches to the top of the PINPad, interfaces using a SD-card style connecter w/ flat-flex - fairly robust but ham-fisted operators would remove the PINPad from its cradle using the top module, stressing the interconnect and in some cases the mounting system itself, breaking the module. Derp.

[phenol]

The printer inside has 384 pixels, 200dpi resolution, paper advance pitch is 0.0625mm, can print at almost 100mm/s ...still in production today

I am currently on a project involving one of these (or maybe similar, just thermal printer). How much effort it takes to get them running from a linux board, if they come from Alibaba (that means less change of proper datasheet), please?

If this is the fist time you lay hands on a thermal printer, it won't be all that trivial. You'll probably toast the thermal head first thing you fire the strobes for more than a few ms. It is for this reason that thermal printer manufacturers also sell various chipset solutions, essentially a preprogrammed microcontroller as a bare chip to which you send ascii characters, graphics data and various control codes, and it takes proper care of driving the printer mechanism in the right way.

[SeanB]

Yes, and Epson has a range of printer interfaces that are basically a mask programmed 8052 with extra firmware to handle the printer using either a serial data or parallel data stream. You connect it, provide power and a clock crystal and send data and it does the rest. literally a single chip needing only a single ULN200x transistor array to drive the motors.

[delmadord]

If this is the fist time you lay hands on a thermal printer, it won't be all that trivial. You'll probably toast the thermal head first thing you fire the strobes for more than a few ms. It is for this reason that thermal printer manufacturers also sell various chipset solutions, essentially a preprogrammed microcontroller as a bare chip to which you send ascii characters, graphics data and various control codes, and it takes proper care of driving the printer mechanism in the right way.

Yes, and Epson has a range of printer interfaces that are basically a mask programmed 8052 with extra firmware to handle the printer using either a serial data or parallel data stream. You connect it, provide power and a clock crystal and send data and it does the rest. literally a single chip needing only a single ULN200x transistor array to drive the motors.

Yeah, thanks, I have already found some sellers on alibaba that sell the thermal printing header along with a board that requires just PWR, GND and two UART lines, will most likely roll this solution. The problem is custom enclosure, though, but it it not a matter of this thread anyway.

[phenol]

there are semi-integrated mechanisms out there, they call them bucket printers. a typical bucket consists of a simple mech like the one in that POS terminal with a plastic paper holder bucket around it. Typically those are panel-mount and have either their own driver board or space for one.
The chipsets and the driver boards normally have windows/linux/... drivers with them, which means that you can hook a thermal printer to your PC or whatever OS platform...

[plaes]

This "security locking tab or something like that" slot @ 4:30 is actually a window to see how much printer paper is left in the roll.

[Don Hills]

Many of these terminals can have built-in POTS modems for connectivity.
These are typically used by low-volume retailers who may only have a few transactions per hour. They often share a line with the retailer's main phone.
The modems are typically 1200 bps v.22 synchronous, using SDLC protocol.  Why 40 year old technology?
1200 bps makes perfect sense when you look at a typical EFTPOS transaction. Most transactions involve only a few hundred bytes of data transferred each way. A v.22 modem pair can be connected, default equalised, fast trained and into data mode in as little as half a second. So you can connect, transfer the data and disconnect before a faster modem would complete training (the bleeps and bloops you hear when a faster modem connects.) The number dialed is usually only 4 or 5 digits, and the terminal usually initiates the dial sequence as soon as the retailer initiates the transaction. By the time you swipe your card and enter the PIN, the connection is already made.

I'm less clear on why SDLC protocol. I suspect it goes back to the early days of online banking when IBM had a large share of the market in banking terminals and ATMs etc, and the networking was IBM's SNA which used SDLC as the layer 2 protocol.

[delmadord]

there are semi-integrated mechanisms out there, they call them bucket printers. a typical bucket consists of a simple mech like the one in that POS terminal with a plastic paper holder bucket around it. Typically those are panel-mount and have either their own driver board or space for one.
The chipsets and the driver boards normally have windows/linux/... drivers with them, which means that you can hook a thermal printer to your PC or whatever OS platform...

Thanks for noting, will probably start own thread for it, because I can imagine what you are talking about and it is surely interesting and useful, but cant find any on the internet right now.

[mbendzick]

I'm thinking the big gold-plated pour on the first board shown in the unit is the lid to the fence on the next board down that didn't have a lid of its own.  Clever bit of shielding if you can get good gasketing between them.

[hamdi.tn]

i got this terminal for like 5$ and i said it will be good to open it and compare anti-tamper mechanism with the terminal dave show in the video.

[hamdi.tn]

once opened it's a two board construction, one attached to the upper part of the case , the second board is to the lower part of the case.
No obvious anti-tamper here, and the back up coin cell is directly exposed ... this no good as protection i guess

[hamdi.tn]

there is a missing part when i bought the thing, i guess some program card or something that go in there cause the unit say software missing when powered-up

[hamdi.tn]

And here an anti-tamper identical to dave's terminal.

[hamdi.tn]

Other photographs to show the thing, processing and stuff , if anyone is curious about some detail tell me 

[hamdi.tn]

other pic

[hamdi.tn]

and other

[SeanB]

Did one, and still have another to take to pieces. There are a lot of battery backed microprocessors in there, everything including the printer and modem has one. Also has some nice crypto chips in there, but I cannot decap them to look, though if there is anybody who can I can send a few out of payphones for then to open.

[BezITAD]

I am sorry to bump this one up, but I had an important question to ask in regards to this specific teardown. If this is the wrong place to ask, feel free to delete.

So, my question, is:

If an eftpos terminal were to be grinded up for decommission, would the airborne dust or the smoke caused by spot fires resulting from internal lithium batteries inside such units be dangerous to someones health?

Background:
For 3.5 years I worked for a company that did computer recycling. My role at the company was equipment testing, documentation and data wiping. However, for the last 1 year of my employment at this company, they rolled a larger shredding machine into the building, placed it next to my work bench, and decided to grind up eftpos terminals inside it. Many of these were the newer wireless models which contained battery packs plus an internal battery.

On any given day when the machine was in operation, the entire building was full of smoke, the fumes from the lithium was incredibly disturbing. So, I am interested in a bit of feedback, the units contain a lot of different things, the key chip is surrounded in a lattice of ceramics to avoid reverse engineering. I am told this key is programmed in a highly secure room and that all eftpos machines need to have this element destroyed before disposal.

The current:

It's been a handful of years since, and even though I am 38, my lung tests read as 70 years old. I don't smoke, do laps at the pool. Should I make the conclusion that damage has occurred? How significant?

[thm_w]

I am sorry to bump this one up, but I had an important question to ask in regards to this specific teardown. If this is the wrong place to ask, feel free to delete.

So, my question, is:

If an eftpos terminal were to be grinded up for decommission, would the airborne dust or the smoke caused by spot fires resulting from internal lithium batteries inside such units be dangerous to someones health?

Background:
For 3.5 years I worked for a company that did computer recycling. My role at the company was equipment testing, documentation and data wiping. However, for the last 1 year of my employment at this company, they rolled a larger shredding machine into the building, placed it next to my work bench, and decided to grind up eftpos terminals inside it. Many of these were the newer wireless models which contained battery packs plus an internal battery.

On any given day when the machine was in operation, the entire building was full of smoke, the fumes from the lithium was incredibly disturbing. So, I am interested in a bit of feedback, the units contain a lot of different things, the key chip is surrounded in a lattice of ceramics to avoid reverse engineering. I am told this key is programmed in a highly secure room and that all eftpos machines need to have this element destroyed before disposal.

The current:
It's been a handful of years since, and even though I am 38, my lung tests read as 70 years old. I don't smoke, do laps at the pool. Should I make the conclusion that damage has occurred? How significant?

Yeah that sounds terrible for your health. If they did not at the very least have proper air evacuation, thats going to be a serious problem.
Even with normal circuit boards we are talking about glass fiber and maybe lead dust.

I would get whatever records/evidence you can of this happening and report them.

No one here would have any idea of the damage, you'd have to visit a specialist. Whoever administered the lung test did not investigate further?

[BezITAD]

No air extraction, dust everywhere. There was no formal training in place, no hazards prevention. They dropped the machine in and then just ran it. I do believe they stuck a dust mask sign on the outside of the machine, but they never supplied any dust masks nor told anyone to wear them. They handed them out to the customer who came to video the machine in action.

[thm_w]

https://www.ohsa.com.au/services/dust-monitoring/ has a bit of info, its mostly targeted at mining.