Hackers are using skimmers to steal credit card information at service stations

Share this…

Professionals explain that automatic tank gauges (ATG) give information about gasoline inventory and protect groundwater from gasoline leaks. A while ago, it revealed that ATGs in approximately 5,000 service stations were exposed on the Internet, without a password. Now, a scan found 5,635 service stations with the same vulnerability.


The initial research led by HD Moore, was based on Internet scans for devices with an open port TCP 10001. Trend Micro conducted research on gas tanks and found examples of hijinks hackers in Guardian AST gas tank monitoring systems. The information security experts reported on the detection of an Internet-oriented tank monitoring system at a service station, with the name “Diesel”, mysteriously changed to “We_Are_Legion”. So it is believed that it was the work of Anonymous.

The researchers had the following findings:

  • The hackers could exploit the pump data by modifying them to the extent that they could cause an explosion.
  • The overflow limit of a tank could be increased above its capacity, which could cause the tank to overflow, which could trigger an explosion.
  • Manipulation to allow free fuel.
  • Gas readings can be changed, which affects the bottom line of the gas station.
  • Several service stations could be closed by adjusting the fuel levels so that they appear empty at each station.

On the other hand, the use of skimmers at ATMs had been on the news for a while when malicious actors used them at the gas pump to steal credit card information. Now, these skimmers have appeared at service stations.

skimmer 1

So far, more than 300 skimmers were found at the pumps at the gas station in Florida alone. Many of them had Bluetooth enabled, while others were conventional skimmers.

Information security experts in New York found skimmer bombs that used cannibalized components to send stolen card data by text message. They commented that Bluetooth-based skimmers can be detected by anyone else with a mobile device, which is a drawback for malicious actors.

GSM-based skimmers can transmit stolen card data wirelessly via text messages, allowing thieves to receive real-time transmissions of card data anywhere in the world.

The information security experts commented that the places most affected by skimming activity are in the United States, although this activity also affects India, Mexico and the UK. ATG attacks accounted for 44 percent of the total number of attacks.