this post was submitted on 03 Oct 2023
547 points (97.4% liked)

Technology

59377 readers
4059 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
547
Detroit man steals 800 gallons using Bluetooth to hack gas pumps at station (www.fox2detroit.com)
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world
88 comments fedilink hide all child comments
 

Detroit man steals 800 gallons using Bluetooth to hack gas pumps at station::undefined

you are viewing a single comment's thread
view the rest of the comments
[–] MeanEYE@lemmy.world 40 points 1 year ago (2 children)

It's like saying TCP has bad security. That is to say, pointless comparison. Bluetooth is just transport layer and security is done on higher level. This is most likely the classic example of "security through obscurity". Meaning they did nothing special and hoped no one will figure it out, just like recent TETRA vulnerability.

[–] carl_dungeon@lemmy.world 20 points 1 year ago (1 children)

Come on now! The pumps required you to enter the secret pairing code: “12345”

[–] BarrelAgedBoredom@lemm.ee 13 points 1 year ago

You fool! It was 00000, now you'll never have free gas!

[–] foggy@lemmy.world 17 points 1 year ago* (last edited 1 year ago) (1 children)

Transport layer is absolutely a security vulnerability vector.

TCP is absolutely low security if not configured correctly.

I don't know what it is you're trying to say. I agree that this instance was probably security through obscurity failing, but to say that Bluetooth, TCP, and other transport layer protocols are not security considerations is absolutely ridiculous (see for example, heartbleed). It's exactly the reason there are multiple versions of Bluetooth. It's why FTP is (should be) all but deprecated and SFTP and FTPS are standard. It's why Google doesn't index webpages without an SSL certificate.

USB is way safer

[–] MeanEYE@lemmy.world 0 points 1 year ago (1 children)

Of course wired connection is inherently safer than wireless. There's no question about it. And yes you can absolutely exploit at every layer of communication, but this here is not the case of exploiting Bluetooth as transport layer. It's simply someone not configuring anything or adding any additional verification and just hoping no one finds out.

[–] foggy@lemmy.world 0 points 1 year ago

Okay, but your claim that my comparing Bluetooth to USB being like comparing Bluetooth to TCP is misinformed at best.