Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Gas Stations Vulnerable To Internet Attacks

Posted by Soulskill on from the many-points-of-failure dept.

itwbennett writes: Automated tank gauges (ATGs), which are used by gas stations in the U.S. to monitor their fuel tank levels can be manipulated over the Internet by malicious attackers, according to security firm Rapid7. "An attacker with access to the serial port interface of an ATG may be able to shut down the station by spoofing the reported fuel level, generating false alarms, and locking the monitoring service out of the system," said HD Moore, the chief research officer at Rapid7.

4 of 100 comments (clear)

  1. Re:Once more by Mr+D+from+63 · · Score: 2, Informative

    RTFA, they are not internet connected. They can be access over the internet if someone takes a device to the pump, connects to the serial interface, and connected to a gateway device to the internet.

  2. Re:Once more by BarbaraHudson · · Score: 4, Informative

    We have to ask why everything NEEDS to be internet connected. A local connection to the sensors will allow the station to determine when they need to refill said tanks. Not much point in putting it out there on the big scary internet. :D

    Because they want to get the need to have anyone working at the gas station - kind of like how truckers can fuel up using their cardpass at fuel depots where nobody works. It's all about getting rid of people. And on-site cash, since everyone will have to pay by credit or debit card.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  3. Re:Once more by BarbaraHudson · · Score: 5, Informative
    RTFA yourself: The 5800 cited already are connected to the Internet.

    In order to monitor these systems remotely, many operators use a TCP/IP card or a third-party serial port server to map the ATG serial interface to an internet-facing TCP port. The most common configuration is to map these to TCP port 10001. Although some systems have the capability to password protect the serial interfaces, this is not commonly implemented.

    Approximately 5,800 ATGs were found to be exposed to the internet without a password. Over 5,300 of these ATGs are located in the United States, which works out to about 3 percent of the approximately 150,000 [1] fueling stations in the country.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  4. Finally something I can comment on... by Anonymous Coward · · Score: 5, Informative

    I work for a company that sells, installs and maintains a ATG's by the top two manufacturers, Veeder-Root & Incon. We also offer a web service that polls and aggregates the data from our customer's ATG's. 98% of the >500 ATG's we have on our service are polled via TCP/IP and the remaining few are still modem connections. Of the TCP/IP polled ATG's the majority are through a secure VPN. Typically the only ones that are not are the smaller customers with only 1 - 3 gas stations. Depending on the model of the ATG, there are two access levels both of which have the ability to have a password. The first is read only and is limited to data retrieval such as inventory levels, alarm status, etc... this level is typically not password protected. The second level is for the programming interface, which is what the article is talking about. There is some fear mongering in the article, my guess is because they either want to cause fear or did not do enough research. The only way a station could be shut down through the ATG is if the ATG was installed in a fashion that allowed for it. This type of installation is known as positive shut-down; and basically means the pump wiring is feed through relays in the ATG and in the event a leak was detected, the ATG would kill power to the pumps. Most stations built after 2006 - 2009 (depends on when that particular state adopted Federal storage tanks regulations) are installed with positive shut-down through the ATG. Pre-2006 were not so much installed in this fashion. The article also states no special interface is needed to access the ATG's. That is only true for the current models being sold, which come with a built in web server for programming. The older models, of which is the majority installed do need special software to access the programming interface. The method that the security firm used: polled the internet for open port 10001 would not be able to determine if it was a direct connection to the ATG (newer models) or a serial to IP convertor (older models).

    I personally am the system admin for the the system we have in place for the polling and monitoring as well as the front end web service and have been so for 10+ years and I did chuckle a little at the article. There is very, very little to worry about in this regard. Other than shutting down a handful of stations, no real harm can be done such as creating a leak or causing some type of catastrophic failure.