SAN DIEGO (KGTV) - San Diego police believe a suspect may have used a device to remotely activate a gas pump, in order to steal gas. Police also report that it’s a device that can be purchased on the internet.
A manager of the Arco on 33rd and El Cajon Boulevard in Normal Heights says her store was hit. She says the suspect would sit in a car at the pumps and ask people if they wanted to buy discounted gas through him, rather than through the station. The manager tells 10News that the station only discovered the problem after a customer came inside and reported the suspect, saying something did not seem right about what he was offering.
Ted Harrington is a cyber-security expert with Independent Security Evaluators. He explains how these devices can be obtained through the internet. “Whether [they're] already built by people who sell them on the dark web or if it's someone who is smart enough to collect the different components to build [them] themselves, these types of tools are absolutely available,” he says.
ABC News released security video from a Chicago gas station in which police say a man may have used a remote device to sell gas that he hijacked from the station's pumps, allegedly filling up cars and pocketing the money while the cashier's computer showed nothing.
According to ABC, more often criminals purchase a stolen master key to unlock the pump, open it and enter the manufacturer's default code which turns off the station's computerized system of monitoring sales. Those default codes can sometimes be found online. Harrington says this applies to really any internet-connected device, like your home router. “If you want to access someone else's router, all you have to do is find the user manual that has the password in it for that particular device, and because people so frequently don't change passwords to things, this becomes an issue,” he adds.
10News has asked San Diego police for statistics on any local gas station hacking situations. We’re still waiting for a response.