SecurityWeek

Gas Pump Monitoring System Compromised in Attack: Trend Micro

The price of gas may have recently dropped well below the highs consumers have seen in recent years, but the cost of leaving an Internet-connected gas pump exposed can still be high.

Researchers at Trend Micro say they found evidence hackers have already turned their attention to these devices. Their finding follows reports last month that many automatic tank gauges used at gas stations were accessible over the web without any authentication. Automatic tank gauges (ATGs) are used to monitor fuel level, temperature and other parameters in a tank and are used to alert operators if there is a problem such as a fuel leak.

According to Kyle Wilhoit, senior threat researcher at Trend Micro, the firm found evidence an attacker had modified a pump-monitoring system in the U.S. The pump system was found to be Internet-facing and had implemented no security measures, he blogged.

“The Guardian AST Monitoring System is a device designed to monitor inventory, pump levels, and assorted values of pumping systems typically found in gas stations,” he explained. “The pump systems support a variety of products and data points to monitor within the device, which are often easily accessed through the Internet. These are typically deployed online for easy remote monitoring and management of gas providers.”

When investigating possible attacks, the researchers turned to the Shodan search engine and quickly uncovered evidence of tampered devices.

“The pump name was changed from ‘DIESEL’ to ‘WE_ARE_LEGION,’” Wilhoit noted. “The group Anonymous often uses the slogan ‘We Are Legion,’ which might shed light on possible attributions of this attack. But given the nebulous nature of Anonymous, we can’t necessarily attribute this directly to the group.”

According to Wilhoit, overall statistics from Shodan showed that more than 1,515 gas pump monitoring devices were exposed over the Internet worldwide, all of them lacking security controls to prevent unauthorized access. Ninety-eight percent of these devices are in the U.S. 

“An outage of these pump monitoring systems, while not catastrophic, could cause serious data loss and supply chain problems,” he blogged. “For instance, should a volume value be misrepresented as low, a gasoline truck could be dispatched to investigate low tank values. Empty tank values could also be shown full, resulting in gas stations having no fuel.”
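The renamed pump and the misreported volumes described above are both detectable on the operator side by checking each poll of the monitoring system against an approved baseline. The following Python is an added example, not code from Trend Micro or the article; the record fields, baseline labels and rate threshold are assumptions, and the sample readings are constructed.

```python
from dataclasses import dataclass

# Approved configuration baseline (constructed): tank id -> product label.
BASELINE_LABELS = {1: "UNLEADED", 2: "PREMIUM", 3: "DIESEL"}

# Assumption: largest volume change (gallons per minute) that dispensing or a
# delivery could plausibly cause at this site; tune per installation.
MAX_GAL_PER_MIN = 400.0

@dataclass
class Reading:
    minute: int          # minutes since the start of the polling window
    tank: int
    label: str
    volume_gal: float
    capacity_gal: float

def find_anomalies(readings, baseline=BASELINE_LABELS, max_rate=MAX_GAL_PER_MIN):
    """Return (minute, tank, reason) tuples for readings that need review."""
    alerts = []
    last = {}  # tank id -> previous Reading for that tank
    for r in sorted(readings, key=lambda x: (x.minute, x.tank)):
        expected = baseline.get(r.tank)
        if expected is None:
            alerts.append((r.minute, r.tank, "tank not in baseline"))
        elif r.label != expected:
            alerts.append((r.minute, r.tank,
                           f"label changed: {expected!r} -> {r.label!r}"))
        if not 0 <= r.volume_gal <= r.capacity_gal:
            alerts.append((r.minute, r.tank, "volume outside tank capacity"))
        prev = last.get(r.tank)
        if prev is not None and r.minute > prev.minute:
            rate = abs(r.volume_gal - prev.volume_gal) / (r.minute - prev.minute)
            if rate > max_rate:
                alerts.append((r.minute, r.tank,
                               f"implausible volume change: {rate:.0f} gal/min"))
        last[r.tank] = r
    return alerts

# Constructed sample polls: tank 3 is renamed, tank 1 suddenly reads empty.
SAMPLE = [
    Reading(0, 1, "UNLEADED", 6200.0, 10000.0),
    Reading(0, 3, "DIESEL", 4100.0, 8000.0),
    Reading(15, 1, "UNLEADED", 6150.0, 10000.0),
    Reading(15, 3, "WE_ARE_LEGION", 4080.0, 8000.0),
    Reading(30, 1, "UNLEADED", 0.0, 10000.0),
    Reading(30, 3, "WE_ARE_LEGION", 4075.0, 8000.0),
]

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE):
        print(alert)
```

A flagged volume change should be reconciled against delivery and sales records before a truck is dispatched, since the reading itself may be what was tampered with.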

Last month, researchers at Rapid7 noted that ATG vulnerabilities could be used to potentially shut down thousands of fueling stations in the United States with minimal effort.

“Many ATGs can be programmed and monitored through a built-in serial port, a plug-in serial port, a fax/modem, or a TCP/IP circuit board,” Rapid7’s HD Moore blogged Jan. 22. “In order to monitor these systems remotely, many operators use a TCP/IP card or a third-party serial port server to map the ATG serial interface to an internet-facing TCP port. The most common configuration is to map these to TCP port 10001.”

The finding underscores the ongoing challenges of securing the Internet of Things. In a recent survey by Atomik Research and Tripwire, 88 percent of the respondents who work in IT in the energy industry said they were not confident in the secure configuration of industrial controllers, though only eight percent said they were concerned about those controllers being compromised by cyber-attackers. 

“Our investigation shows that the tampering of an Internet-facing device resulted in a name change,” Wilhoit added. “But sooner or later, real world implications will occur, causing possible outages or even worse. Hopefully, with continued attention to these vulnerable systems, the security profile will change. Ideally, we will start seeing secure SCADA systems deployed, with no Internet facing devices.”
