Cops suspect Detroit fuel station was hacked before 10 drivers made off with nearly 600 gallons ‘free’ gasoline

Cops suspect Detroit fuel station was hacked before 10 drivers made off with nearly 600 gallons ‘free’ gasoline

But experts aren't convinced...

By John Leyden for The Register

Police suspect that high-tech thieves may have hacked into a Detroit petrol station before stealing 600 gallons of fuel.

Local Fox News affiliate WJBK reported that the clerk was unable to shut off a pump that dispensed free fuel for 90 minutes. Ten vehicles took advantage of the issue to fuel up without paying, leaving the outlet down $1,800.

The clerk said the system was unresponsive, but he eventually managed to shut it down using "emergency kit" before calling the police.

Cops reckon the perps used a "remote device" to hack the pump and pull off the scam, which took place in broad daylight at around 1:00 p.m. on June 23, 2018, at a suburban gas station about 15 minutes from downtown Detroit. Police are investigating the drivers involved whose cars may have been caught on CCTV.

The cops told reporters that whatever device allowed the pumps to dispense fuel without charging customers was also used to stop the pump from being switched off from the gas station system-side.

Technical details are scant. In the absence of anything solid, cybersecurity experts offered a more prosaic explanation.

"It could just be a faulty pump," computer security researcher David Litchfield told The Register.

Nigel Tolley added, dismissively: "A six-foot-long drillbit and a pump with a hose would've got way more."

Elsewhere in petrol-pump-tech-gone-wrong news, many BP stations across the UK experienced a three-hour point-of-sale system outage on Sunday afternoon. Customers were asked to pay by cash during the incident, which has now been resolved. The cause of the outage has become the focus of an investigation.

Bootnote

Security researchers have demonstrated hacks on gasoline management systems before. TrendMicro warned more than three years ago that gas-monitoring systems used in fuel stations were easy to find using Shodan, the Internet of Things search engine. Many systems were not password-protected, as The Register reported at the time.

More recent research by Ido Naor, a senior researcher at Kaspersky Lab, and Amihai Neiderman, formerly of Azimuth Security, warned that gas station software vulnerabilities created a means for hackers to steal fuel, change prices, and erase audit logs.

Read the original article online at The Register.