Looking at gasoline prices today, it’s hard to believe that there was a time when 75 cents a gallon seemed outrageous. But that’s the way it was in the 70s, and when it tripped over a dollar, things got pretty dicey. Fuel theft was rampant, both from car fuel tanks — remember lockable gas caps? — and even from gas stations, where drive-offs became common, and unscrupulous employees found ways to trick the system into dispensing free gas.
But one method of fuel theft that escaped our attention was the use of CB radios to spoof petrol pumps, which [Ringway Manchester] details in his new video. The scam happened in the early 80s, only a few years after CB became legal in the UK but quite a while since illegal use had exploded. The trick involved a CB transceiver equipped with a so-called “burner,” a high-power and highly illegal linear amplifier used to boost the radiated power of the signal. When keyed up in the vicinity of dispensers with digital controls, the dispensing rate on the display would appear to slow down markedly, while the pump itself stayed at the same speed. The result was more fuel dispensed than the amount reported to the cashier.
If this sounds apocryphal, [Ringway] assures us that it wasn’t. When the spoofing was reported, authorities up to and including Scotland Yard investigated and found that it was indeed plausible. The problem appeared to be the powerful RF signal interfering with the pulses from the flowmeter on the dispenser. The UK had both 27 MHz and 934 MHz CB at the time; [Ringway] isn’t clear which CB band was used for the exploit, but we’d guess it was the former, in which case we can see how the signals would interfere. Another thing to keep in mind is that CB radios in the UK were FM, as opposed to AM and SSB in the United States. So we wonder if the same trick would have worked here.
At the end of the day, no matter how clever you are about it, theft is theft, and things probably aren’t going to go well for you if you try to pull this off today. Besides, it’s not likely that pumps haven’t been hardened against these sorts of attacks. Still, if you want a look inside a modern pump to see if you can find any weaknesses, have at it. Just don’t tell them where you heard about it.
Did it really work?
I heard many times of the owner of a dog who lived next door to someone’s uncle’s third-cousin twice removed who used a CB with boots to reset the pump price to zero.
Never knew if it was true or not, but it apparently lead to the banning the use of radio transmitters on the forecourts of petrol ststions under the guise of “safety”.
It’s entirely feasible given the technology of the time – note that this isn’t a sophisticated attack, and the pumps aren’t complex. All you needed to do is jam the signal on the single wire carrying the pulses from the flow sensor, and blasting RF at it is something well within the reach of a ham, but not so common that manufacturers were defending against it yet.
And it didn’t have to be an inherent issue in every pump – there could have been particular models that were more vulnerable than others.
There’s no difference between an AM and FM signal when not modulated, shouldn’t make a difference.
But SSB would be basically “nothing” unmodulated, not carrying any audio (if the carrier is properly filtered out), or am I missing something?
AM has half the carrier of FM on a transceiver. But otherwise very plausible!
I am a ham, and have tripped off a pump while transmitting on 2m with 50w. No free gas, just the pump stopped pumping. I had to tell the guy to keep going because it wasn’t full. (NJ still has full service) The pump was in the near field of the antenna which likely induced many volts into the electronics.
Likely the pump electrically coupled with the ground plane by contact with the vehicle. Those nozzles are grounded through the hose to prevent static arcing – or to at least eliminate potentials between the pump and vehicle.
In FM, the signal is at max. output all time when pressing PTT.
In AM, the signal is modulated only if there’s an audio signal on the source (when pressing PTT).
However, modulation can be positive or negative, in principle.
I would assume that louder audio signal=bigger RF, though.
Also, a carrier wave is sent both in AM and FM.
On SSB, the carrier wave is missing.
That’s why some linears have a switch for SSB and AM.
The AM circuit detects the carrier and goes into transmit mode, it’s working like a crystal radio. Also works for FM.
In SSB “mode”, the linear amp must detect the RF signal otherwise or
requires the transceiver to have a PTT line that goes to the linear amp.
I was a paramedic in the 80’s and crashed many a POS terminal and even a bank computer with a 5w handheld (154mhz FM). Late 80’s we got a Chevy truck ambulance where transmitting on the 100W radio would shift the transmission to neutral, zero the speedometer needle, and turn on the windshield wipers. Motorola and Chevy helped us work through the problem, but the Motorola engineers noted that the car companies were uninterested in the problems until they discovered that they could occur on the highway in vehicles NEXT to the one with the transmitter. Of particular note, they said they could lock up anti-lock brakes.
I would guess that the EMF was messing with variable-reluctance sensors. VR would drive the speedo so the needle zeroing makes sense. The neutral shift is odd but older transmissions would have overdrive triggered by the speedo so not totally impossible. Windshield wipers kicking on is a weird one, but perhaps VR was used as a precursor to LIM. ABS again would be driven by a set of VR sensors on each wheel, so that disruption makes sense too.
The big scam back in the 2000s, if I recall correctly from a hazy dream, was blocking the pumps internet access then using any non-valid credit or gift visa because it would pre-auth just fine. Might still work
We too used AM (Aunty Mary as we referred to it!) in the UK, through the early eighties. So had access to SSB too. We had one fun night where we convinced a gullible soul that we were on the Space Shuttle, just passing over his car and could see what he was up to. The story got embellished somewhat the next night in the pub… If we’d have known about that scam/hack, we’d have made use of it (possibly).
I once observed someone with a linear on their CB have the ability to make the lights at an intersection change by keying up, when the intersection was in “demand” mode in the middle of the night. The buried inductors picked up the signal, apparently, and the control logic interpreted it as the presence of a vehicle.
It worked out to about 100 yards from the intersection.
Ah, the good old days of bugger-all EMC requirements! :’D