Hackers Share Fake Fuel Voucher Codes
- Publish Date
- Monday, 18 January 2016, 8:32AM
Kiwis are able to print their own fuel discount vouchers after hackers broke an algorithm and shared codes to get people savings at the pump.
The hack involving an algorithm Countdown developed for Z Energy stations was discussed at last month's Kiwicon computer security conference in Wellington.
"The petrol station had earlier disabled manual barcode entry at pumps to stop codes being shared online, but the researchers say fixing the flaw will require the algorithm to be re-written," The Register website reported.
The Register said two researchers generated the discount codes on platforms including an unpublished Android app, a barcode printer, and even T-shirts.
"In a demonstration at the Kiwicon security conference...the pair demonstrated how with the click of a button their smart watch application would produce codes that could be scanned at the pump for discounts up to 40 cents a litre," The Register added.
"They showcased a barcode printer spitting out valid discounts and finished the showmanship demonstration by scanning a tee-shirt printed with the manipulated code."
Countdown was aware of the issue.
"We have developed a technical solution to this issue, which we are rolling out," a spokeswoman said today.
She warned people against trying to scam the voucher scheme.
"Reusing, or duplicating these vouchers is a fraudulent act and petrol pumps are monitored for this activity."