20
Be the First to Know What an Old Pro Thinks About U.S. Gas Stations
Over 5,000 apparatus used by gas stations in the U.S. to track their fuel tank amounts can be manipulated from the Internet by malicious attackers. These apparatus, known as automated tank gauges (ATGs), are additionally used to activate alarms in the event of issues including fuel spills, with the tanks. “Tank gauge malfunctions are considered a serious problem because of the regulatory and security problems which could apply.”
It is a standard setup used by ATG owners to track the devices remotely. “About 5,800 ATGs were discovered to be exposed to the Internet without a password,” Moore said.
Rapid7 chose to run the scan after being alerted of the issue by Jack Chadowitz, Kachoolie’s creator, a department of BostonBase that supplies risk-free tank gauge access services.
This functionality isn’t normally empowered, according to Moore, although some systems supply the potential to safeguard serial interfaces using a password. “Operators should think about using a VPN [virtual private network] gateway or other dedicated hardware interface to join their ATGs with their tracking service,” the researcher said. “Less-risk-free options include using source IP address filters or establishing a password on every serial port.”
The discovery comes at a time of increased examination of Internet-connected devices, particularly old ones and industrial facilities whose communication protocols were designed with little worry for security.
There are no comments.