Information Security News mailing list archives

Thousands of U.S. gas stations exposed to Internet attacks


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 23 Jan 2015 19:32:18 +0000 (UTC)

http://www.csoonline.com/article/2874230/cybercrime-hacking/thousands-of-us-gas-stations-exposed-to-internet-attacks.html

By Lucian Constantin
IDG News Service
Jan 23, 2015

Over 5,000 devices used by gas stations in the U.S. to monitor their fuel tank levels can be manipulated from the Internet by malicious attackers.

These devices, known as automated tank gauges (ATGs), are also used to trigger alarms in case of problems with the tanks, such as fuel spills.

"An attacker with access to the serial port interface of an ATG may be able to shut down the station by spoofing the reported fuel level, generating false alarms, and locking the monitoring service out of the system," said HD Moore, the chief research officer at security firm Rapid7, in a blog post. "Tank gauge malfunctions are considered a serious issue due to the regulatory and safety issues that may apply."

Earlier this month, Moore ran a scan to detect ATGs that are connected to the Internet through serial port servers that map ATG serial interfaces to the Internet-accessible TCP port 10001. This is a common set-up used by ATG owners to monitor the devices remotely.

[...]


