In recent months, US gas prices have hit record highs, leading some people to believe that gas station hacks are a good idea.
Let me remind you that we also reported that Cyberattack disrupted operation of gas stations across Iran, and also that Agent Tesla spyware attacks oil and gas companies.NBC News reports that from March to July of this year, 22 people were arrested for “manipulating computers” that control fuel distribution, as well as using homemade devices that reduce the cost of gasoline.
Most of these hacks cannot be called high-tech. As a rule, it all comes down to the fact that equipment at gas stations in the US is strictly standardized and is supplied by only a few manufacturers, who often do not think about reliable protective equipment. What’s more, some hacking tools are freely available for purchase online.
According to journalists, since March, an increase in fuel thefts has been noted by every fourth owner of gas stations. For example, Len Denton, founder of startup Guardian Payment Solutions Corp., which makes security solutions for gas station security, says that gas station owners and law enforcement officials have recently reported a large number of cases of fuel theft.
Most U.S. gas stations use pumps made by Wayne Fueling Systems or Gilbarco Veeder-Root, he says, and hackers generally use just two hacking methods for this equipment (one for each of the two companies).
In the first case, the problem is that Wayne Fueling Systems equipment has a remote control feature that allows gas station owners and inspectors to easily access them. At the same time, sales of such “remotes” are not regulated in any way, and NBC News found that devices can even be bought on eBay.
It is worth saying that Wayne Fueling Systems equipment still requires remote users to enter a special key code to access the controls, but many gas station owners simply do not change the default code.
Journalists write that in one case, a burglar in North Carolina used such a “remote” to put a Wayne Fueling Systems pump into maintenance mode, which allowed gasoline to be dispensed for free. The criminal sold the resulting gasoline to the side. He is currently under arrest and awaiting trial.
The second hack is used against the Gilbarco Veeder-Root equipment by causing the pump to deliver much more fuel than it is tracking. This is because the pumps rely on a device called a pulse sensor to operate, which measures how much gasoline is coming out of the pump and tells you how much to charge the customer.
In this case, thieves use improvised devices that allow the pulse sensor to be fooled into registering only a portion of the dispensed fuel. For such a hack, an attacker would have to gain access to the pump panel and connect his device, but the issue is that Gilbarco Veeder-Root equipment often uses a standard key for this, which is also easily available on the Internet.
It is noted that gasoline is more often stolen at small, non-network gas stations, and then resold to other people. These stations typically have only a handful of people working at any one time, and the owners often cannot hire additional staff to improve security or install state-of-the-art surveillance equipment.
However, gasoline prices in the US began to decline and, perhaps, the activity of scammers who want to earn extra money on the crisis will decrease.