5,000 petrol stations in the United States under threat of cyber attack due to outdated equipment
Security experts have discovered vulnerabilities in ATG devices that monitor fuel levels at US gas stations. Theoretically, hackers are able to gain control over devices in order to shut off the fuel supply or cause false alarms, including leakage: in this case, all pumps are automatically shut off, which paralyzes the operation of the station. According to the study , with the help of an Internet attack, you can get control of up to 5,300 such sensors at gas stations in the United States. Communication protocols for equipment are outdated, and the station owners use regular routers and do not think about security.
Automated gauges show the amount of fuel at a gas station to let you know when it's time to order gas. Attackers can use the Internet attack to control the settings by making false messages or by shutting off the gas supply completely - saying that the tank is empty. If the device says that the tank is full, the gas station can simply be left without fuel - because no one will order it. In the worst case, an attacker can report a leak, which will shut off all pumps and paralyze the station.
As the researchers note, usual routers bought at Best Buy are often used at gas stations, so that after connecting to the network, station owners face the same problems as the average consumer. The problem is that these devices monitor the level of fuel in the tanks. Most of the stations do not belong to large corporations, but to private owners who are not interested in network security.
')
The most common sensors produced by the company Veeder-Root . These sensors can be protected by a six-character password, which is transmitted in unencrypted form and can be intercepted, but mostly the password is not used.
Among the main problems, researchers note outdated communication protocols developed for equipment about twenty years ago.
Automated gauges show the amount of fuel at a gas station to let you know when it's time to order gas. Attackers can use the Internet attack to control the settings by making false messages or by shutting off the gas supply completely - saying that the tank is empty. If the device says that the tank is full, the gas station can simply be left without fuel - because no one will order it. In the worst case, an attacker can report a leak, which will shut off all pumps and paralyze the station.
As the researchers note, usual routers bought at Best Buy are often used at gas stations, so that after connecting to the network, station owners face the same problems as the average consumer. The problem is that these devices monitor the level of fuel in the tanks. Most of the stations do not belong to large corporations, but to private owners who are not interested in network security.
')
The most common sensors produced by the company Veeder-Root . These sensors can be protected by a six-character password, which is transmitted in unencrypted form and can be intercepted, but mostly the password is not used.
Among the main problems, researchers note outdated communication protocols developed for equipment about twenty years ago.
Source: https://habr.com/ru/post/366009/
All Articles