Detroit man steals 800 gallons using Bluetooth to hack gas pumps at station::undefined

  • Erasmus@lemmy.world
    link
    fedilink
    English
    arrow-up
    83
    ·
    1 year ago

    Not sure about this specific pump but this same thing happened in my town several months back and BT was used then too.

    When it happened we found out that the pumps at the station in particular (and probably most) have a BT receiver tied to whatever little processor that runs the pump so either a station manager or someone servicing the pumps can access them with the right equipment, make internal adjustments etc.

    In the case that happened locally to us. Someone hacked them the same way, then posted to Facebook and other social media sites to come get some free gas, etc.

    • abhibeckert@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      edit-2
      1 year ago

      All the pumps I’ve seen have a physical key protecting them too. They’re supposed to unlock it in the morning and lock it when staff leave for the night. I’d guess these stations didn’t do that?

      • Cethin@lemmy.zip
        link
        fedilink
        English
        arrow-up
        24
        ·
        1 year ago

        From everything I know about locks in important places, all pumps probably use the same key. You can probably buy that key online. I know this is true for elevators and those boxes for entering buildings, and Crown Vic police cars (and the taxis they’ve become after being sold), and many other things.

        • thoughtorgan@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Lol this is not true for crown Vic cop cars at all. I used to own one. They have car keys just like anything else from the era

            • thoughtorgan@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              It’s not all the “same” key like you make out out to be. Yes it’s a fleet vehicle, and yes all vehicles in the same fleet may have the same key. But no, not all ignitions of all Vic cop cars are not the same at all.

              • Cethin@lemmy.zip
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Now you’re just being pedantic. Sure, not every one of them used the same key, but each municipality used the same key for their vehicles most of the time. One of then in particular was very common.

                • thoughtorgan@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  It’s not as simple as just buying a key online like you make it out to be. This is not a vending machine that has a universal key that works for pretty much everything, the keying on a fleet can be the same, but it’s just like any other car key. Some fleets had wildly different keying, you’d have to go through 20 plus keys before you even got something that was probably similar enough to even start the ignition.

      • Erasmus@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        I don’t know about that part. Just that it was all over the news when it happened here and I later read about the details as to how they did it.

        I would have assumed the makers of the pumps would had put into them a little tighter security but then again look at some of these password and other web hacks we routinely see.

        • WHYAREWEALLCAPS@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          There’s a convergence of issues. First, and probably foremost, users are idiots. So it has to be able to be operated by a 5 year with a learning disability. Second, implementing security costs money up front. It is cheaper to let the customer deal with the fall out, then do damage control on the cheap, and keep going. Third, users can’t be assed to access things that a 5 year old with learning and physical disabilities and a peanut butter and jelly sandwich in one hand can’t access. These are all typical issues stuff is engineered towards. This is why you see this same basic issue crop up over and over again.

        • ipkpjersi@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          You’d be surprised how many times “good enough” is considered “good enough” when it comes to IT and security, even when it’s really the bare minimum.