Detroit man steals 800 gallons using Bluetooth to hack gas pumps at station

99 points

So, how would this work exactly? For curiosity’s sake.

84 points

Not sure about this specific pump but this same thing happened in my town several months back and BT was used then too.

When it happened we found out that the pumps at the station in particular (and probably most) have a BT receiver tied to whatever little processor that runs the pump so either a station manager or someone servicing the pumps can access them with the right equipment, make internal adjustments etc.

In the case that happened locally to us, someone hacked them the same way, then posted to Facebook and other social media sites to come get some free gas, etc.

14 points

All the pumps I’ve seen have a physical key protecting them too. They’re supposed to unlock it in the morning and lock it when staff leave for the night. I’d guess these stations didn’t do that?

23 points

From everything I know about locks in important places, all pumps probably use the same key. You can probably buy that key online. I know this is true for elevators and those boxes for entering buildings, and Crown Vic police cars (and the taxis they’ve become after being sold), and many other things.

5 points

I don’t know about that part. Just that it was all over the news when it happened here and I later read about the details as to how they did it.

I would have assumed the makers of the pumps would have put into them a little tighter security, but then again look at some of these password and other web hacks we routinely see.

52 points

Off topic but the right crowd is here, would anyone be interested in starting a hardware security community? Edit: https://lemmy.world/c/hardwarehacking is live! It’s still a work in progress but all are welcome to join.

8 points

Be the change you wanna see. If you make it, I’ll join it.

1 point

Yeah okay.

My hardware knowledge is limited to ruining many sets of alligator chips trying to dump a virus from an infected UEFI/rewrite the chip so that I’d have a usable motherboard and a nasty virus to poke and prod at.

I guess I’ve always managed to set an esxi server to route internet traffic through a PC so my IPS can get at it and drop the bad stuff. Still trying to figure out the SIEM piece.

And smart lights / plugs. Many, many many of those.

I’ve got a decade of experience as an AE in a very techy field though.

If it’s a choice between me and a homeless guy then I’m definitely the guy.

-44 points
Deleted by creator
24 points

n,o

3 points

, 😭 ,

8 points

I, don’t, think, i, will, use, c,o,m,m,a,s corrEcTlY Th@nk yœú

4 points

🙄

50 points

Was this article written by AI, because it’s disjointed as fuck.

20 points

I doubt AI would have that poor grammar and spelling.

2 points

They asked an intern to rewrite it

3 points

That was my thought too

2 points

I asked my AI and that was its thought also.

1 point

My also thought AI too

36 points

Can’t have shit in Detroit… Not even coherent written articles.

32 points

Wait so they haven’t caught them yet? The article gave no names. And why do these pumps have Bluetooth? You might as well put in a USB service port.

35 points

USB is way safer lol.

Bluetooth is notoriously bad with security, especially Bluetooth 4 and earlier. I’d put money on a gas station pump’s Bluetooth not using the most up-to-date protocol.

51 points

It’s like saying TCP has bad security. That is to say, a pointless comparison. Bluetooth is just a transport layer and security is done at a higher level. This is most likely the classic example of “security through obscurity”, meaning they did nothing special and hoped no one would figure it out, just like the recent TETRA vulnerability.

29 points

Come on now! The pumps required you to enter the secret pairing code: “12345”

18 points

Transport layer is absolutely a security vulnerability vector.

TCP is absolutely low security if not configured correctly.

I don’t know what it is you’re trying to say. I agree that this instance was probably security through obscurity failing, but to say that Bluetooth, TCP, and other transport layer protocols are not security considerations is absolutely ridiculous (see, for example, Heartbleed). It’s exactly the reason there are multiple versions of Bluetooth. It’s why FTP is (should be) all but deprecated and SFTP and FTPS are standard. It’s why Google doesn’t index webpages without an SSL certificate.

USB is way safer

-4 points

that’s not how this works

-1 points

Ah, brilliant. Another expert.

Yes, it is how it works. Cheers.

18 points

At least you can lock a USB port behind an access panel.
