Not sure about this specific pump but this same thing happened in my town several months back and BT was used then too.
When it happened we found out that the pumps at the station in particular (and probably most) have a BT receiver tied to whatever little processor that runs the pump so either a station manager or someone servicing the pumps can access them with the right equipment, make internal adjustments etc.
In the case that happened locally to us. Someone hacked them the same way, then posted to Facebook and other social media sites to come get some free gas, etc.
All the pumps I've seen have a physical key protecting them too. They're supposed to unlock it in the morning and lock it when staff leave for the night. I'd guess these stations didn't do that?
I don’t know about that part. Just that it was all over the news when it happened here and I later read about the details as to how they did it.
I would have assumed the makers of the pumps would had put into them a little tighter security but then again look at some of these password and other web hacks we routinely see.
There's a convergence of issues. First, and probably foremost, users are idiots. So it has to be able to be operated by a 5 year with a learning disability. Second, implementing security costs money up front. It is cheaper to let the customer deal with the fall out, then do damage control on the cheap, and keep going. Third, users can't be assed to access things that a 5 year old with learning and physical disabilities and a peanut butter and jelly sandwich in one hand can't access. These are all typical issues stuff is engineered towards. This is why you see this same basic issue crop up over and over again.
Not sure about this specific pump but this same thing happened in my town several months back and BT was used then too.
When it happened we found out that the pumps at the station in particular (and probably most) have a BT receiver tied to whatever little processor that runs the pump so either a station manager or someone servicing the pumps can access them with the right equipment, make internal adjustments etc.
In the case that happened locally to us. Someone hacked them the same way, then posted to Facebook and other social media sites to come get some free gas, etc.
All the pumps I've seen have a physical key protecting them too. They're supposed to unlock it in the morning and lock it when staff leave for the night. I'd guess these stations didn't do that?
I don’t know about that part. Just that it was all over the news when it happened here and I later read about the details as to how they did it.
I would have assumed the makers of the pumps would had put into them a little tighter security but then again look at some of these password and other web hacks we routinely see.
There's a convergence of issues. First, and probably foremost, users are idiots. So it has to be able to be operated by a 5 year with a learning disability. Second, implementing security costs money up front. It is cheaper to let the customer deal with the fall out, then do damage control on the cheap, and keep going. Third, users can't be assed to access things that a 5 year old with learning and physical disabilities and a peanut butter and jelly sandwich in one hand can't access. These are all typical issues stuff is engineered towards. This is why you see this same basic issue crop up over and over again.