Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Actively Targeting Gas Pumps

Posted by Soulskill on from the time-to-stop-visiting-those-pumps-equipped-with-self-destruct-buttons dept.

An anonymous reader writes: Security researchers from Trend Micro wondered what kind of cyberattacks might target one of our most common and vital pieces of infrastructure: gas pumps. So, they set up some honeypots to find out if and how gas pumps were being attacked. The researchers ended up getting more than they bargained for. Between February and July, there were at least 23 distinct attacks on their honeypots alone (PDF). This included identifications, modifications, and DDoS attacks. "In their research, they found that a DoS or DDoS attack could disrupt inventory control and distribution, which means gas stations may not have enough supply on hand. Changing pump names could result in the wrong fuel being added to a tank—such as putting Unleaded inside Premium, or vice versa. Drivers wouldn't like that. Or changing the pump volume could result in tanks being underfilled."

6 of 123 comments (clear)

  1. With all these attacks, by Mr+D+from+63 · · Score: 4, Insightful

    You'd think we would see some actual disruption. Seems like pumps have adequate protection thus far.

    1. Re:With all these attacks, by TheCarp · · Score: 3, Insightful

      With the fact that they are talking about....connecting directly to the internet.... Seems they could have done this with a sniffer.

      Just read some logs, there are all manner of automated attacker out there searching for prey. Run sshd, you will begin getting root login attempts pretty quickly, and the party don't stop.

      Yes, looking for attacks coming down the inter-tube is like looking for bacteria in a pond. Yah, its there, lots and lots of it. That is hardly a newsworthy result.

      --
      "I opened my eyes, and everything went dark again"
    2. Re:With all these attacks, by drinkypoo · · Score: 4, Insightful

      Funny how we're so worried about supply lines being disrupted while our wallets starve the most.

      Funny how we're so worried about our wallets while we're raping mother earth with a rusty pick-ax.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Re:Seriously ? by ShanghaiBill · · Score: 4, Insightful

    Have your staff report daily on the amount of gas sold, don't put this shit online for fucks sake.

    Stop overreacting. Putting it online saves labor, lowers costs, and has caused ZERO problems. The worst that could happen is that someday a few people get mispriced gas, or unleaded instead of premium (in which case 90% won't even notice because their car isn't designed to use high octane anyway). You should find something else to panic about.

  3. Re:Seriously ? by drinkypoo · · Score: 3, Insightful

    Remote read access: good idea
    Remote write access: bad idea

    Nobody should be able to change anything on the pump without physical access. At minimum, someone should have to flip a switch inside the pump to enable remote writes.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Re:Regular vs Premium by west · · Score: 3, Insightful

    Honestly, unless your almost inhuman in disregarding your brain, you'll need to have someone fill up your car without telling you the octane, and then record your observations.

    We humans are correlation engines, and it would almost be proof of brain abnormality to not find a correlation, regardless of whether it's there or not.