IoT security flaws are not relegated just to the digital world. Physical security can be just as important when dealing with IoT-based technologies. Researchers from the University of Illinois and San Diego State collaborated with the Secret Service to design and develop an application called Bluetana. Bluetana’s purpose is to check for credit card skimmers that are placed mainly within gas pumps at fueling stations. The skimmers steal card information and sell that information on the dark web. The article that follows describes how they work, and also lists how much money credit (and debit) card skimmers can earn depending on the type of information captured.
“Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous.
The new app, now being used by agencies in several states, is the brainchild of computer scientists from the University of California San Diego and the University of Illinois Urbana-Champaign, who say they developed the software in tandem with technical input from the U.S. Secret Service (the federal agency most commonly called in to investigate pump skimming rings).
Gas pumps are a perennial target of skimmer thieves for several reasons. They are usually unattended, and in too many cases a handful of master keys will open a great many pumps at a variety of filling stations.
The skimming devices can then be attached to electronics inside the pumps in a matter of seconds, and because they’re also wired to the pump’s internal power supply the skimmers can operate indefinitely without the need of short-lived batteries.