Looking at gasoline prices today, it’s hard to believe that there was a time when 75 cents a gallon seemed outrageous. But that’s the way it was in the 70s, and when it tripped over a dollar, things got pretty dicey. Fuel theft was rampant, both from car fuel tanks — remember lockable gas caps? — and even from gas stations, where drive-offs became common, and unscrupulous employees found ways to trick the system into dispensing free gas.
But one method of fuel theft that escaped our attention was the use of CB radios to spoof petrol pumps, which [Ringway Manchester] details in his new video. The scam happened in the early 80s, only a few years after CB became legal in the UK but quite a while since illegal use had exploded. The trick involved a CB transceiver equipped with a so-called “burner,” a high-power and highly illegal linear amplifier used to boost the radiated power of the signal. When keyed up in the vicinity of dispensers with digital controls, the dispensing rate on the display would appear to slow down markedly, while the pump itself stayed at the same speed. The result was more fuel dispensed than the amount reported to the cashier.
If this sounds apocryphal, [Ringway] assures us that it wasn’t. When the spoofing was reported, authorities up to and including Scotland Yard investigated and found that it was indeed plausible. The problem appeared to be the powerful RF signal interfering with the pulses from the flowmeter on the dispenser. The UK had both 27 MHz and 934 MHz CB at the time; [Ringway] isn’t clear which CB band was used for the exploit, but we’d guess it was the former, in which case we can see how the signals would interfere. Another thing to keep in mind is that CB radios in the UK were FM, as opposed to AM and SSB in the United States. So we wonder if the same trick would have worked here.
At the end of the day, no matter how clever you are about it, theft is theft, and things probably aren’t going to go well for you if you try to pull this off today. Besides, it’s not likely that pumps haven’t been hardened against these sorts of attacks. Still, if you want a look inside a modern pump to see if you can find any weaknesses, have at it. Just don’t tell them where you heard about it.
Did it really work?
I heard many times of the owner of a dog who lived next door to someone’s uncle’s third-cousin twice removed who used a CB with boots to reset the pump price to zero.
Never knew if it was true or not, but it apparently lead to the banning the use of radio transmitters on the forecourts of petrol ststions under the guise of “safety”.
It’s entirely feasible given the technology of the time – note that this isn’t a sophisticated attack, and the pumps aren’t complex. All you needed to do is jam the signal on the single wire carrying the pulses from the flow sensor, and blasting RF at it is something well within the reach of a ham, but not so common that manufacturers were defending against it yet.
And it didn’t have to be an inherent issue in every pump – there could have been particular models that were more vulnerable than others.
Especially since the (illegal) linear amplifiers they would add were extremely crude and created all kinds of EMI
They’re still sold, I’ve got a couple claiming to be 150W and 300W respectively, even if they’re a fraction of that they’re very cheaply made (they were cheap to buy too) and with no concessions to EMI or other niceties.
It is possible. People got free long distance calls on phone starting in the 60s. A whistle toy from cereal box made this very easy and popular before telephone changed the system which made 2600Hz signal obsolete and ineffective
There’s no difference between an AM and FM signal when not modulated, shouldn’t make a difference.
But SSB would be basically “nothing” unmodulated, not carrying any audio (if the carrier is properly filtered out), or am I missing something?
Ideally, a SSB transmitter will not output any power without audio. In reality, the carrier won’t be perfectly suppressed and there will be some amount of noise in the audio circuitry.
AM has half the carrier of FM on a transceiver. But otherwise very plausible!
I am a ham, and have tripped off a pump while transmitting on 2m with 50w. No free gas, just the pump stopped pumping. I had to tell the guy to keep going because it wasn’t full. (NJ still has full service) The pump was in the near field of the antenna which likely induced many volts into the electronics.
Likely the pump electrically coupled with the ground plane by contact with the vehicle. Those nozzles are grounded through the hose to prevent static arcing – or to at least eliminate potentials between the pump and vehicle.
50 W RF around gasoline fumes makes me nervous. It might be safe, but I’m still nervous. If you or someone else with more knowledge and skill has done the math on it and feel safe about it, let me know.
A decade or two back, gas stations had signs telling people not to use their cell phones while pumping gas. I assume that was for a good reason, not just OMG-hysteria or a lawyer’s making them do it because of a 1 in a billlion chance of starting a small fire.
Given how many people buy fuel every day, and the fact there’s no such thing as a small fire at a gas station, it’s entirely plausible they’d worry about a 1-in-a-billion chance.
There’s enough videos on youtube of people setting things off from static electricity and other “minor” things around fuel pumps or tankers.
In FM, the signal is at max. output all time when pressing PTT.
In AM, the signal is modulated only if there’s an audio signal on the source (when pressing PTT).
However, modulation can be positive or negative, in principle.
I would assume that louder audio signal=bigger RF, though.
Also, a carrier wave is sent both in AM and FM.
On SSB, the carrier wave is missing.
That’s why some linears have a switch for SSB and AM.
The AM circuit detects the carrier and goes into transmit mode, it’s working like a crystal radio. Also works for FM.
In SSB “mode”, the linear amp must detect the RF signal otherwise or
requires the transceiver to have a PTT line that goes to the linear amp.
Doesn’t matter whether the AM uses positive or negative modulation. Unmodulated carrier level is always set to half of maximum. With positive modulation, input signal then raises the carrier level at positive half-cycles, and lowers it at negative half-cycles. Vice versa with neg. modulation. FM carrier is always full power, modulation just changes its phase/frequency.
I was a paramedic in the 80’s and crashed many a POS terminal and even a bank computer with a 5w handheld (154mhz FM). Late 80’s we got a Chevy truck ambulance where transmitting on the 100W radio would shift the transmission to neutral, zero the speedometer needle, and turn on the windshield wipers. Motorola and Chevy helped us work through the problem, but the Motorola engineers noted that the car companies were uninterested in the problems until they discovered that they could occur on the highway in vehicles NEXT to the one with the transmitter. Of particular note, they said they could lock up anti-lock brakes.
I would guess that the EMF was messing with variable-reluctance sensors. VR would drive the speedo so the needle zeroing makes sense. The neutral shift is odd but older transmissions would have overdrive triggered by the speedo so not totally impossible. Windshield wipers kicking on is a weird one, but perhaps VR was used as a precursor to LIM. ABS again would be driven by a set of VR sensors on each wheel, so that disruption makes sense too.
I think the TL;DR is that many early electronics were really not built with any robustness to EMI or other real-world problems as they either weren’t well understood or weren’t really considered an issue (especially vs price) – it took a fair while for people to really realise and understand that ESD was a real problem with these new-fangled integrated circuits and you had to take it seriously – and it took longer for manufacturers to bite the bullet and integrate basic ESD protection into the chips and other devices rather than just telling everyone to handle with care.
That’s nuts. The details about how many things the 100W radio screwed up in your car is comical if taken from a proper distance. With how low-power all radios have gotten since those times, I wonder how many problems one could cause to crop up in modern cars and other hardware if one, say, fired up an illegal 100W spark gap transmitter next to them. Just as a test of course.
Likely it wouldn’t care, EMI and ESD protection and resilience has come a huge way since the 70’s and modern stuff is very well protected at multiple levels.
The big scam back in the 2000s, if I recall correctly from a hazy dream, was blocking the pumps internet access then using any non-valid credit or gift visa because it would pre-auth just fine. Might still work
We too used AM (Aunty Mary as we referred to it!) in the UK, through the early eighties. So had access to SSB too. We had one fun night where we convinced a gullible soul that we were on the Space Shuttle, just passing over his car and could see what he was up to. The story got embellished somewhat the next night in the pub… If we’d have known about that scam/hack, we’d have made use of it (possibly).
I once observed someone with a linear on their CB have the ability to make the lights at an intersection change by keying up, when the intersection was in “demand” mode in the middle of the night. The buried inductors picked up the signal, apparently, and the control logic interpreted it as the presence of a vehicle.
It worked out to about 100 yards from the intersection.
Ah, the good old days of bugger-all EMC requirements! :’D
I briefly worked for Matsushita Communication Industries, they send me on a training course covering GSM. The tutor mentioned that phone use at petrol stations is supposedly due to concerns that phones if dropped may start sparking and explode the petrol. He said the real reason is gen-1 phones were analogue and interfered with the radio link from pump to till.
I worked at MCUK (Matsushita Communication UK) aka Panasonic Mobilephones. Dealth with the F- and I-series ETACS phones and the EU2000 GSM phone. Greetsing fellow Matsushitite! OK, I’m sure there is a better description, but I can’t think of one yet :-D
You should each pick different brands and pretend to compete.
More of a software bug than hardware – In the mid 70’s, while working for Q1, I was overseas hardware/software support, and would travel several times a year to our distributor in Frankfurt, Germany. The local transit system had installed automated ticket vending machines that, it was discovered [by local school children], that if you pressed all the buttons, the machine would pay out all the coins in the unit.
I don’t know how long it was till that bug was fixed.
A buddy of mine had one of these devices connected to his CB radio in his truck. We pulled up to a Burger King and he keyed it up. Immediately all of their registers rebooted.