Anything can be hacked,not just cars,snipers,smartwatches or skateboards


Hackers are attacking anything that is connected to Internet and not even gas monitors are safe. Earlier this year hackers possibly affiliated with Anonymous were successful in hacking a Gas station, leveraging a vulnerability in internet connected Automated Tank Gauges (ATGs) that were used to monitor fuel tank inventory levels.

GasPot –a honeypot experiment by Trend Micro.




In the wake of observing increased attacks on gas stations, researchers of Trend Micro, Kyle Wilhoit and Stephen Hilt set up a honey-pot named "GasPot" to monitor the activities of hackers. And they observed a number of attacks on their GasPots within a period of six months, with US-based ones being the most targeted. Some instances were clearly for reconnaissance purposes as they were merely automated scanners pinging the monitors. It was also found that the hackers renamed the Gas-Pots such a way that it would appear to be hacked by some infamous hacking groups across the globe.

Country wise trageted Attacks.


GasPot were placed in several countries like Russia, Germany, Brazil, US,Great Britain, the United Arab Emirates, and Jordan. According to Trend Micro’s research, the most targeted gas tanks was US (44%), Jordan (17%), Brazil, Great Britain, and the United Arab Emirates (11%). Hackers began their attack and even shared the scripts on underground forums and text snippets on Pastebin. In another instance a 2Gbps DDOS (distributed denial of service) attack was made on one of the GasPot located in Washington, possibly by Syrian Electronic Army(SEA).

Don't forget to check this post: Lenovo Caught Installing Rootkits In Their PCs !

Vulnerability in automated tank gauges (ATG)


Gas monitoring systems or automated tank gauges (ATG) keep an eye on fuel levels, volume and temperature, among other stats. Many of them are easy to get into, because they're not protected by passwords. ATGs can typically be programmed and monitored through a built-in serial port, a plug-in serial port, a fax/modem, or a TCP/IP circuit board. In order to facilitate remote monitoring over the Internet, ATG serial interfaces are often mapped to an internet-facing port. This opens door to potential trouble, especially since serial interfaces are rarely password protected.

Potential Risks


Trend Micro researchers warn that ATG cyberattacks could cause serious issues. Hackers can monitor one to find out when a facility is expecting the next fuel delivery or hold it hostage. They can and demand ransom and disrupt the activities. They can also fake fuel levels to induce overflow and put the lives of people in the area in danger.

Hackers might hack a Gas Station remotely and Blow It Up!


Hacking and executing commands in these systems can not only modify tank labels, but also tank levels and overflow limits, temperature compensation values, tank tilt and diameter values, and other units of measurement. Given certain conditions, attackers can, for instance, set a tank overflow limit to a value beyond its capacity, thus triggering an overflow. Since gas overflows are extremely dangerous because the liquids they contain are highly combustible. Thus by successfully manipulating these values, the possibility of a potential hacker blowing up a gas station is not negligible.

You might be interested in : Hacking Team Data Breach-Overview Of Leaked data

Conclusion


Internet-connected devices worldwide can be found easily using services like Shodan. This puts not only personal & home Internet of Things (IoT) devices like routers, baby monitors, heating systems, but also surveillance cameras, traffic lights, medical equipment, and power plants too under the risk of attack. As per the researchers, it is better not to leave Supervisory Control and Data acquisition (SCADA) and ICS systems connected to internet, unless absolutely necessary. If they really need to be, their security should be hardened so that access to them is extremely limited and private as these devices use the barest or no security barriers at all.

Source: The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems

Post a Comment

 
Top