Flaws in Gas Station Software Let Hackers Change Prices, Steal Fuel, Erase Evidence

via MOTHERBOARD

Gas stations lose millions of dollars annually to gas fraud. Most of this fraud occurs when thieves use stolen credit and debit cards to fuel vehicles, resulting in chargebacks to service stations.

But gas station owners in the US and elsewhere may have to worry about a new kind of fraud after two security researchers in Israel discovered multiple vulnerabilities in one automated system used to control fuel prices and other information at thousands of gas stations around the world.

The vulnerabilities would allow an attacker to shut down fuel pumps, hijack credit card payments, and steal card numbers or access backend networks to take control of surveillance cameras and other systems connected to a gas station or convenience store’s network. An attacker could also simply alter fuel prices and steal petrol.

Ido Naor, a senior security researcher with Kaspersky Lab, and Amihai Neiderman, a former researcher with Azimuth Security, discovered the vulnerabilities after the computer screen on a gas pump in Israel crashed one day last June as Naor was filling his tank and exposed a local IP address. The system turned out to belong to an Israeli company named Orpak Systems, which makes fuel-management software. Orpak’s system is used by commercial gas stations in Israel as well as by the military and large corporations to track gas consumption for their fleets of vehicles, to ensure employees and soldiers aren’t siphoning gas from work vehicles to fuel personal ones.

But Orpak, which makes both RFID vehicle-tracking systems and fuel-management systems, doesn’t just sell its systems in Israel; its software is installed in more than 35,000 service stations and 7 million vehicles in 60 countries, according to marketing literature. And last year, Orpak was acquired by Gilbarco Veeder-Root, a large North Carolina-based maker of gas pump and point-of-sale systems for convenience stores in the US and elsewhere.

Read more!


Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7:30pm ET! To join, head over to YouTube and check out the show’s live chat and our Discord!

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Join over 38,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython – The easiest way to program microcontrollers – CircuitPython.org


New Products – Adafruit Industries – Makers, hackers, artists, designers and engineers! — New Products 11/15/2024 Featuring Adafruit bq25185 USB / DC / Solar Charger with 3.3V Buck Board! (Video)

Python for Microcontrollers – Adafruit Daily — Python on Microcontrollers Newsletter: A New Arduino MicroPython Package Manager, How-Tos and Much More! #CircuitPython #Python #micropython @ThePSF @Raspberry_Pi

EYE on NPI – Adafruit Daily — EYE on NPI Maxim’s Himalaya uSLIC Step-Down Power Module #EyeOnNPI @maximintegrated @digikey

Adafruit IoT Monthly — The 2024 Recap Issue!

Maker Business – Adafruit Daily — Apple to build another chip at TSMC Arizona

Electronics – Adafruit Daily — SMT Tip – Stop moving around!

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !


No Comments

No comments yet.

Sorry, the comment form is closed at this time.