Friday, April 26, 2024
Latest:
The Register 

Cops suspect Detroit fuel station was hacked before 10 drivers made off with 3k ‘free’ litres

TH Author

Updated Police suspect that high-tech thieves may have hacked into a Detroit petrol station before stealing 600 gallons (2,728 litres) of fuel.

Fox News affiliate WJBK reported that the clerk was unable to shut off a pump that dispensed free fuel for 90 minutes. Ten vehicles took advantage of the security hole to fuel up without paying, leaving the outlet down $1,800 (about £1,360).

The clerk said the system was unresponsive, but he eventually managed to shut it down using “emergency kit” before calling the cops.

Officers reckon the perps used a “remote device” to hack the pump and pull off the scam, which took place in broad daylight at around 1pm on June 23 at a suburban gas station about 15 minutes from downtown Detroit in the US. Police are investigating the drivers involved, whose cars may have been caught on CCTV.

The cops told reporters that whatever device allowed the pumps to dispense fuel without charging customers was also used to stop the pump from being switched off from the petrol station system-side.

Technical details are scant. In the absence of anything solid, cybersecurity experts offered a more prosaic explanation.

“It could just be a faulty pump,” computer security researcher David Litchfield told El Reg.

Nigel Tolley added, dismissively: “A six-foot long drillbit and a pump with a hose would’ve got way more.”

Elsewhere in petrol-pump-tech-gone-wrong news, many BP stations across the UK experienced a three-hour point-of-sale system outage on Sunday afternoon. Customers were asked to pay by cash during the incident, which has now been resolved.

The cause of the outage has become the focus of an investigation. ®

Updated to add

A Reg reader, who says he worked 10 years in tech support for the gas station industry, told us the suspected crooks may have put the pumps into a diagnostics-like mode, so that the equipment stopped reporting fuel pumping to the sales terminals. Our tipster explained:

Bootnote

Security researchers have demonstrated hacks on petrol management systems before. TrendMicro warned more than three years ago that gas-monitoring systems used in petrol stations were easy to find using Shodan, the Internet of Things search engine. Many system were not password-protected, as El Reg reported at the time.

More recent research by Ido Naor, a senior researcher at Kaspersky Lab, and Amihai Neiderman, formerly of Azimuth Security, warned that petrol station software vulnerabilities created a means for hackers to steal fuel, change prices and erase audit logs.

Sponsored: Minds Mastering Machines – Call for papers now open

READ MORE HERE