Friday, August 14, 2009

Hacking The Pump?

Ever wonder how a gas pump works? They are fascinating pieces of technology that we all but take for granted. The mechanics are cool, but ultimately not that complicated. These days the "important" parts are done by computer. (The important part being paying for it.)

[HSW] As the gasoline travels upward into the dispenser, it passes through a flow control valve that regulates the gasoline's flow speed. It does this via a plastic diaphragm that gets squeezed more and more tightly into the pipe as the flow of gas increases, always leaving just enough room for the proper amount of gasoline to get through.

This pipe also contains the flow meter, which is a cast iron or aluminum chamber containing a series of gears or a simple rotor that ticks off units of gas as they pass through. Information about the gas flow is passed on to a computer located in the dispenser, which displays the metered amount of gas in tenths of a gallon.

In the 1970s, glowing LCDs in the form of seven-segment displays began to appear. (The segments in the display could be illuminated by computer to form various numerals and occasionally letters of the alphabet.)

These relatively simple user interfaces are gradually being replaced by full-fledged computer video displays, many running variations on operating systems like Microsoft Windows. These displays can offer information, display the amount of gas being sold and even run advertisements and carry on simple conversations with amused customers.

I actually find these computer / video displays really annoying. I just want to pump gas and leave. I don't want the news, the weather, or a car wash. Since I know a thing or two about computer [in]security, I'm always a bit skeptical about computerizing everything.

So imagine my somewhat amused surprise when I pulled in to fill up at the local gas shack and saw this:

If you look closely you can see this is a Windows computer. The task bar is the lighter bar at the bottom of the screen, the system tray is in the right-hand corner, and there are 3 applications/windows open. There is a popup window in the middle of the screen with the classic "Do this / Cancel" combination. I wonder what it says?

If you squint hard (or click for larger image) at my still life with cell phone picture, you can make out the message "An updated version of LogMeIn has been downloaded and is ready for install. Click Update to install the new version now."

Remote access and desktop control to the gas pump? Interesting. Foolish, but interesting. Have these people never heard of EvilGrade, "a toolkit for exploiting products which perform online updates in an insecure fashion"?

Fake updates, plus remote desktop access to the gas pump. Wow. I'll bet nobody ever thought of hacking the pump before now.

It's not that far-fetched. Now I don't know if this computer is controlling the pump, or just the annoy-ware video, but it doesn't matter. I know you're sleeping better at night knowing that Micro$oft products may be controlling the gas pumps and your credit card number. I mean, what could go wrong?

