Gas skimmers! Be careful at the pump!

Breaches in security through credit cards are becoming something of a more relevant issue with each passing day. Credit skimmers have been found more and more at gas pumps among other locations, swiping your credit card information, allowing the owner of the skimmers to gain access to your funds if your unaware.

Main reasons skimmers are becoming more common:

  • The cheap builds of skimmers allow them to be made in bulk. This allows for multiple caches to build up for the hackers, not needing to worry about replacing some that are discovered and removed.
  • Most skimmers have a common bluetooth broadcast name of “HC-05”. The password for these is usually 1234. It is best to avoid the pumps that have a connection point of this and let the workers at the location know.
  • The bluetooth module thats used in these easily made skimmers are a commonly used product thats involved in educational kits as well as legitimate products. To ensure the signal you’ve found is a skimmer, send the “P” character to the module over a terminal, and you receive an “M” back, its likely a skimmer program. Contact the workers of the establishment as well as the authorities if this is the case.

There is an free application that has been developed to help detect and alert someone of nearby skimmers. The application is called ‘Skimmer Scanner’ and scans nearby bluetooth signals for the “HC-05” title and checks its purpose. If the app finds a possible skimmer it will alert you, thats it, there will be no notification to any authorities, so be sure to let them know if you find one! The application is also opensource and available for Android, the link is here.

Skimmers are essentially man in the middle attacks. It takes upwards of about 30 seconds reportedly for someone to install this skimmer, combine this with ease of creation and that spells trouble for everyone!

Be on the look out for any curious bluetooth signals that fit the description and be sure to use the skimmer scanner app to help defend yourself! Dont become a victim!

After you’ve downloaded the app, why not give us a call and ask us about the other services we provide in terms of cyber security!