Slashdot Mirror
US Gas Pump Hacked With 'Anonymous' Tagline
An anonymous reader writes Researchers at Trend Micro have uncovered a gas pump in the United States whose ID has been changed from 'DIESEL' to 'WE_ARE_LEGION' — the call-sign of the Anonymous hacking group. Following up recent revelations regarding the vulnerability of gas pump systems to online attackers, the researchers found 1,515 completely unprotected gas pump monitoring devices via the Shodan device-based search engine. The report notes that the exposed devices are capable of being protected via six-digit pins, but this security measure is not being used. The report concludes: "Our investigation shows that the tampering of an Internet-facing device resulted in a name change. But sooner or later, real world implications will occur, causing possible outages or even worse."
Can you change the price?
Can't wait to have internet connected devices all over my house!
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Anonymous owns your fridge, your eighty thousand pound Tesla, your PACEMAKER.
Take your Internet of Things and stick it up your arse. My shit might be stone age, but I OWN IT.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
TFA says that a Gas Pump Monitoring device was hacked, and the pic in TFA shows a screen capture from an inventory system. No mention is made of a Gas Pump being hacked. Thus the headline of TFS stating that a gas pump was hacked is pure click bait.
I am Slashdot. Are you Slashdot as well?
I don't get why these devices are on the Internet in the first place. If access is needed to read statistics, have an internal server scoop the info from the SCADA servers, hand it to a DMZ server, and the external applications use SSL with client authentication (both sides authenticate to each other using keys), to fetch the data, or if it has to be a person doing this, have a web server on the DMZ that is accessed via 2FA for this info. If the SCADA boxes have to be controlled through the Internet, then there is always a high security VPN that uses smart cards or USB crypto tokens.
One project I had a few years ago was to get data from manufacturing systems (systems which could be on the Internet, but at best, had security strapped on at the last moment... so they were not secure) to remote receivers. I ended up putting the systems on one isolated subnet with a Linux box that would scan them, then shove the data through a serial port with the Rx line cut (so it could only transmit, not receive.) The machine on the other end of the cable would take the data from the serial port and format it into useful reports, which wound up on a decently secure webserver.
No, this system wasn't fast, but it did the job where info could be read but a blackhat couldn't tamper with the isolated network without physical access.
Dude, you got it wrong. If you talk to god, it's called prayer. If god talks to you, it's called psychosis.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Yes. Mark 5:9 to be exact.
>>And Jesus asked him, “What is your name?” He replied, “My name is Legion, for we are many.”
I would, if I could.
You may rest assured, though, that it will be very, very hard to do so. For a few reasons that are quite obvious. One, adding such a gimmick is trivially cheap and since it's one thing you can add to the tickbox list of features, every item will have it. For reference, see cellphones and cameras. I don't want it, I don't need it, I would especially love to get it for our workers (for the obvious reason) but there is not a single cellphone that has no camera or where it is at least easily and permanently disabled that passes the other criteria.
Same will apply for appliances and internet connection. Few people will actually have a sensible use for it most of the time, but it's trivial to add, it's cheap to implement and since nobody uses it, you won't even have to make it work for more than what's necessary for the showroom presentation.
And then of course there's that other reason that the makers of the appliances want their gadgets to phone home and report back what you do and how to better annoy you with advertising. Here's a chilling little tidbit straight out of 1984... no, wait, 2015 and it's not a novel, it is actually a TV that spies on you. Or maybe I'm overreacting to the manual stating "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition". Must be my paranoia, for sure.
You think fridge makers wouldn't want to know what kind of junk you eat, washing machines makers don't care how often and what kind of clothing you wash? It's all data that can be mined, sold and bought.
It will be very, very hard to avoid the internet of things. And it will even be harder to disable the crap in the appliances without throwing warranty away.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Or, and I'm just spitballing here, people could not commit a crime or go somewhere they're not supposed to be.
You know, personal responsibility, do unto others and all that other crap I keep reading on here about how we're supposed to be caring and understanding of our fellow humans.
If you think it's acceptable for someone to do whatever they want to someone else's property/equipment and not expect to be penalized, then I will be sure to do the same to you and expect the same treatment.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
I dunno, allowing someone to do open heart surgery on me who already once botched a similar operation concerning a rib transplant...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.