Posted on 01/30/2015 1:18:58 AM PST by Citizen Zed
Some 5,800 automated tank gauges, which monitor for fuel leaks and other problems with the tanks as well as fuel levels, recently were found sitting wide open on the Internet without password protection, leaving more than 5,000 gas stations in the US vulnerable to attackers who could remotely alter the alarm thresholds to simulate a leak, disrupt the fuel tank operations, and worst-case, wreak havoc by shutting down the gas stations altogether, researchers say.
Rapid7 chief research officer HD Moore says his team scanned for the vulnerable devices after getting a heads-up from Jack Chadowitz, president and CEO of Kachoolie and BostonBase Inc., who first detected the problem. "He wasn't sure if it was a serious problem" that went beyond his own clients, Moore says, so he reached out to Rapid7, which conducted an Internet-wide scan for the devices with TCP port 10001 open to the Net.
Moore and his team sent a "get in-tank inventory report" request to all of the IPv4 addresses with an open TCP port 10001: In response, they got station names, addresses, numbers of fuel tanks, tank levels, and fuel types. While the overall discovery of vulnerable devices at 5,300 gas stations represents a mere 3% of the around 150,000 gas stations in the US, the finding is yet another example of the potential physical dangers of industrial systems and other devices exposed on the Internet.
"By swapping a metric [in the gauge], it would be easy for someone to cause some sort of havoc," Moore says.
Chadowitz, whose company provides monitoring services for gas stations and other businesses, says Veeder-Root is the main vendor of these gauges, so it wouldn't take much for an attacker to wage a widespread assault.
(Excerpt) Read more at darkreading.com ...
It’s a good thing they are pointing it out publicly.../s
What could possibly go wrong?
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...
nicely played
IOW, the main vendor of these gauges has the list of all those who don’t use his product and knows how to shut them down. Uh, huh.
Sorry, but it’s PRETTY DAMN FUNNY if someone in Russia could hack-in and make a gas station owner dig out his tanks.
...perhaps people should become a bit more skeptical of “technology”, especially when they’ll end up in Chapter 7, should they get hacked.