The Gaspot Experiment: How Gas-Tank-Monitoring Systems Could Make Perfect Targets for Attackers
Healthcare devices, industrial systems, web servers, traffic light control systems, home routers, and other programmable, interconnected devices are among some of the things that could be exposed and targeted by attackers—given that they have an Internet facing component. Because very little security is implemented in these devices, they make for perfect targets of opportunity.
As reported earlier this year, an automated tank gauge (ATG) could be accessed remotely by online attackers and possibly trigger alerts and shut down the flow of fuel. In addition, several Guardian AST gas-tank-monitoring systems have suffered electronic attacks, possibly driven by hacktivist groups like Anonymous. In a TrendLabs Security Intelligence Blog post, researcher Kyle Wilhoit outlines that “When investigating and hunting for gas pumps, attackers use a multitude of tools and techniques to find and track these devices. One of these tools which is quite prominent, is the site Shodan, which is a search engine for inter-connected devices. Queries in Shodan will show a multitude of data points including tank name, command issued, volume, height, water, and the temperature of the tank.”
Though we have previously discussed security issues involving Internet of Things (IoT) devices, unsecured industrial or energy systems and devices can result in critical errors and damage—such as massive outages and other real world implications.
The research paper The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems takes a closer look at how and why supervisory control and data acquisition (SCADA) and ICS systems can be attractive and possibly profitable venues for attackers. The paper also discusses the implications that highlight the lack of security awareness surrounding Internet-connected devices, especially when it comes to systems and devices like gas-tank monitoring systems that could result in real world ramifications.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report