Hackable Holidays: Bluetooth scam hits drivers at area gas stations

A Bluetooth skimmer pulled from inside a gas station pump sits waiting to be analyzed at the D.C. Forensic Science Digital Evidence Unit. (WTOP/Megan Cloherty)

This is the fourth part of WTOP’s consumer series Hackable Holidays, which explores privacy concerns associated with smart devices and how consumers can better protect themselves this holiday season.

WASHINGTON — Hackers are striking gas stations around the D.C. region in a new scam where they attempt to access drivers’ personal information using Bluetooth.

Bluetooth comes standard in many new cars nowadays, and as the connectivity becomes commonplace at gas stations, hackers are using it to trick drivers into giving access to their phone.

Brianna Hahn with D.C.’s Department of Forensic Science Digital Evidence Unit is trained to identify and extract the data from the new Bluetooth skimming devices, which she said have been found at area gas stations recently.

“It stores the data and transmits the data using Bluetooth,” Hahn said.

Criminals are looking for drivers distracted by the mundane task of filling up their tank and hoping they’ll agree to join a new network that pops up on their phone’s screen while they wait.

“They usually try to name it something like iPhone — something not easily recognizable. Also, there are a lot of vehicles Bluetooth-enabled, so there are many networks you can connect to at a gas station,” Hahn said.

“Make sure the name associated with both your Bluetooth devices and your Wi-Fi are not names that you want public,” CBS News technology analyst Larry Magid said. He warned drivers to be wary of connecting to any generic, unlocked Wi-Fi.

Changing the name of your Bluetooth on your phone and car might be worth considering, Magid added, because it will make you harder for hackers to identify.

“Make sure you’re very careful, first of all, not to use a default password, because Bluetooth has a pin code, which is often 1234 or 0000. You might want to change that to a different number and, of course, to be very careful not to approve anything that tries to connect to you if you don’t know exactly who is trying to connect,” Magid said.

Use a credit instead of debit card at the gas station if you can, experts suggest, so you have more financial protection if someone manages to steal your card’s number.

Megan Cloherty

WTOP Investigative Reporter Megan Cloherty primarily covers breaking news, crime and courts.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up