Hackers Have a New Favorite Target: Gas Stations

July 9, 2018, 1:24 PM UTC

Having shown that they can harvest your personal information and bypass the security of major corporations, hackers seem to have a new interest these days: Stealing gasoline.

Police in Detroit are looking into an apparent hack at a gas station that allowed people to steal more than 600 gallons of gas, valued at over $1,800. While technical details are scarce, the station attendant said he was unable to shut down the pump using usual methods.

Authorities believe the thieves used some sort of remote device to take control of the pump. At least 10 cars filled up for free during that time.

What sounds like an isolated incident is actually happening more than you might think. One week ago, police just north of Austin, Texas arrested a man for using an “elaborate” device to steal at least $800 worth of gas from a station that was closed at the time. And in June, a BP employee in New Jersey was arrested for allegedly manipulating gas pump computers to steal over $300,000.

Hackers, of course, have long used credit card skimmers at gas pumps to get drivers’ financial information. This is a new type of attack.

Security experts have long warned that gas pumps were vulnerable to hackers. In 2015, the loose hacker alliance Anonymous reportedly exploited vulnerabilities on Internet-connected gas pumps. That led TrendMicro to begin research that found pumps were easy to crack, due to flaws in the Internet-connected systems that track fuel levels and other component.

In March, Kaspersky Lab sounded another alarm about security flaws at gas stations, saying it found security gaps that could make over 1,000 stations vulnerable to hackers. The company mentioned in that report said at the time it had upgraded its software to strengthen its defenses.

The alleged hacks in Detroit and other areas come as gas prices continue to rise to their highest point in four years in some areas.