Detroit man steals 800 gallons using Bluetooth to hack gas pumps at station

  • @[email protected]
    32
    1 year ago

    Wait so they haven’t caught them yet? The article gave no names. And why do these pumps have Bluetooth? You might as well put in a USB service port.

    • @foggy
      35
      1 year ago

      USB is way safer lol.

      Bluetooth is notoriously bad with security. Especially Bluetooth 4 and earlier. I’d put money on a gas station pump’s Bluetooth to not be using the most up to date protocol.

      • @MeanEYE
        51
        1 year ago

        It’s like saying TCP has bad security. That is to say, pointless comparison. Bluetooth is just transport layer and security is done on higher level. This is most likely the classic example of “security through obscurity”. Meaning they did nothing special and hoped no one will figure it out, just like recent TETRA vulnerability.

        • @carl_dungeon
          29
          1 year ago

          Come on now! The pumps required you to enter the secret pairing code: “12345”

        • @foggy
          19
          1 year ago

          Transport layer is absolutely a security vulnerability vector.

          TCP is absolutely low security if not configured correctly.

          I don’t know what it is you’re trying to say. I agree that this instance was probably security through obscurity failing, but to say that Bluetooth, TCP, and other transport layer protocols are not security considerations is absolutely ridiculous (see for example, Heartbleed). It’s exactly the reason there are multiple versions of Bluetooth. It’s why FTP is (should be) all but deprecated and SFTP and FTPS are standard. It’s why Google doesn’t index webpages without an SSL certificate.

          USB is way safer

          • @MeanEYE
            2
            1 year ago

            Of course wired connection is inherently safer than wireless. There’s no question about it. And yes you can absolutely exploit at every layer of communication, but this here is not the case of exploiting Bluetooth as transport layer. It’s simply someone not configuring anything or adding any additional verification and just hoping no one finds out.

            • @foggy
              -2
              1 year ago

              Okay, but your claim that my comparing Bluetooth to USB being like comparing Bluetooth to TCP is misinformed at best.

              • @MeanEYE
                1
                1 year ago

                My comment had nothing to do with Bluetooth vs. USB comparison. I only said Bluetooth is a transport layer and claiming it’s “notoriously bad security” is not all that correct since most of the security parts come on top of it. So in many ways Bluetooth is quite similar to TCP, at least from point of communication. From the software point of view, both with Bluetooth and TCP, you create a socket then send and receive data through it. Literally the same interface. Protecting data that goes through either method is meant to be done at that point be it with encryption, identity verification, whatever.

                Same thing applies to USB, but being physical it has added benefit of having to connect to it but that opens whole set of new potential issues. So it’s easier to physically protect it, but should that protection fail, you might end up in even more trouble.

                • @foggy
                  0
                  1 year ago

                  You can disable a USB port and require remote SSH to enable it.

                  USB is way safer.

                  • @jarfil
                    0
                    1 year ago

                    You can disable Bluetooth and require remote SSH to enable it… 🙄

                    BTW, have you heard about BadUSB?

                  • @MeanEYE
                    0
                    1 year ago

                    That then in turn complicates things and requires maintenance people to be educated, etc. It’s possible to do authentication and handshakes properly without complicating matters. It just wasn’t done.

        • @foggy
          -1
          1 year ago

          Ah, brilliant. Another expert.

          Yes, it is how it works. Cheers.
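
The point argued in the thread, that Bluetooth and TCP both hand the application a plain socket and that identity verification has to be layered on top of it, can be shown with a small challenge-response handshake. This is an added example, not code from the thread or from any pump vendor; the per-device key, the `service-auth-v1` label and all function names are assumptions, and a local socket pair stands in for the wireless link.

```python
import hashlib
import hmac
import secrets
import socket
import threading

NONCE_LEN = 32
TAG_LEN = 32                      # SHA-256 digest size
LABEL = b"service-auth-v1"        # hypothetical protocol label (domain separation)


def recv_exact(sock, n):
    """Read exactly n bytes, or fail if the peer closes mid-handshake."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf


def make_tag(key, nonce):
    """HMAC-SHA256 over the label and the challenge; the key never crosses the link."""
    return hmac.new(key, LABEL + nonce, hashlib.sha256).digest()


def device_authenticate(sock, device_key):
    """Device side: send a fresh random challenge, accept only a valid tag for it."""
    nonce = secrets.token_bytes(NONCE_LEN)    # new per session, so old tags cannot be replayed
    sock.sendall(nonce)
    tag = recv_exact(sock, TAG_LEN)
    return hmac.compare_digest(tag, make_tag(device_key, nonce))  # constant-time compare


def tool_respond(sock, tool_key):
    """Service-tool side: prove knowledge of the key by answering the challenge."""
    nonce = recv_exact(sock, NONCE_LEN)
    sock.sendall(make_tag(tool_key, nonce))


def run_handshake(device_key, tool_key):
    """Run both ends over a socket pair; returns True only if the keys match."""
    dev, tool = socket.socketpair()
    with dev, tool:
        peer = threading.Thread(target=tool_respond, args=(tool, tool_key))
        peer.start()
        ok = device_authenticate(dev, device_key)
        peer.join()
        return ok
```

The handshake only authenticates the peer; anything sent afterwards still needs encryption and integrity protection bound to the same session.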