0

Flaws in Gas Station Software Let Hackers Change Prices, Steal Fuel, Erase Evidence

via MOTHERBOARD

Gas stations lose millions of dollars annually to gas fraud. Most of this fraud occurs when thieves use stolen credit and debit cards to fuel vehicles, resulting in chargebacks to service stations.

But gas station owners in the US and elsewhere may have to worry about a new kind of fraud after two security researchers in Israel discovered multiple vulnerabilities in one automated system used to control fuel prices and other information at thousands of gas stations around the world.

The vulnerabilities would allow an attacker to shut down fuel pumps, hijack credit card payments, and steal card numbers or access backend networks to take control of surveillance cameras and other systems connected to a gas station or convenience store’s network. An attacker could also simply alter fuel prices and steal petrol.

Ido Naor, a senior security researcher with Kaspersky Lab, and Amihai Neiderman, a former researcher with Azimuth Security, discovered the vulnerabilities after the computer screen on a gas pump in Israel crashed one day last June as Naor was filling his tank and exposed a local IP address. The system turned out to belong to an Israeli company named Orpak Systems, which makes fuel-management software. Orpak’s system is used by commercial gas stations in Israel as well as by the military and large corporations to track gas consumption for their fleets of vehicles, to ensure employees and soldiers aren’t siphoning gas from work vehicles to fuel personal ones.

But Orpak, which makes both RFID vehicle-tracking systems and fuel-management systems, doesn’t just sell its systems in Israel; its software is installed in more than 35,000 service stations and 7 million vehicles in 60 countries, according to marketing literature. And last year, Orpak was acquired by Gilbarco Veeder-Root, a large North Carolina-based maker of gas pump and point-of-sale systems for convenience stores in the US and elsewhere.

Read more!


Join 4,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

Learn “How Computers Work” with Bill Gates, Ladyada and more – From Code.org !

CircuitPython in 2018 – Python on Microcontrollers is here!

Have an amazing project to share? Join the SHOW-AND-TELL every Wednesday night at 7:30pm ET on Google+ Hangouts.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more https://www.instagram.com/adafruit/


Maker Business — Pololu’s New Machines

Wearables — Glue for the occasion

Electronics — Disable unused channels!

Biohacking — Two Blood Meters to Start Your Biohacking Adventure

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !



No Comments

No comments yet.


Leave a comment

Adafruit has a "be excellent to each other" comment policy. Help us keep the community here positive and helpful. Stick to the topic, be respectful of makers of all ages and skill levels. Be kind, and don't spam - Thank you!

Prove you are human by reading this resistor:

0Ω+/- 5%

0
0
1
2
3
4
5
6
7
8
9

0
0
1
2
3
4
5
6
7
8
9

0
0
1
2
3
4
5
6
7
8
9

5
5
10

Prove you are human by reading this resistor:


Match the sliders on the left to each color band on the resistor.

Click Here for a new resistor image.

New to electronics? Click here to learn how to read resistor values.

Or learn to read resistors by playing Mho's Resistance!