Hackers Can Attack Gas Stations and Blow It Up.

0 0 Saturday, August 15, 2015 2015-08-15T21:15:00+05:30 Edit this post

Gas station system vulnerabilities can be exploited by hackers, with potentially serious consequences. Learn more about these risks in this article.

Anything can be hacked, not just cars, snipers, smartwatches or skateboards.


Hackers are attacking anything that is connected to the Internet and not even gas monitors are safe. Earlier this year hackers possibly affiliated with Anonymous were successful in hacking a Gas station, leveraging a vulnerability in internet connected Automated Tank Gauges (ATGs) that were used to monitor fuel tank inventory levels.

GasPot –a honeypot experiment by Trend Micro.

GasPot

In the wake of observing increased attacks on gas stations, researchers of Trend Micro, Kyle Wilhoit and Stephen Hilt set up a honeypot named "GasPot" to monitor the activities of hackers. And they observed a number of attacks on their GasPots within a period of six months, with US-based ones being the most targeted. Some instances were clearly for reconnaissance purposes as they were merely automated scanners pinging the monitors. It was also found that the hackers renamed the Gas-Pots such a way that it would appear to be hacked by some infamous hacking groups across the globe.

Country wise targeted Attacks.


GasPot were placed in several countries like Russia, Germany, Brazil, US, Great Britain, the United Arab Emirates, and Jordan. According to Trend Micro’s research, the most targeted gas tanks was US (44%), Jordan (17%), Brazil, Great Britain, and the United Arab Emirates (11%). Hackers began their attack and even shared the scripts on underground forums and text snippets on Pastebin. In another instance, a 2Gbps DDOS (distributed denial of service) attack was made on one of the GasPot located in Washington, possibly by Syrian Electronic Army(SEA).

Vulnerability in automated tank gauges (ATG)


Gas monitoring systems or automated tank gauges (ATG) keep an eye on fuel levels, volume, and temperature, among other stats. Many of them are easy to get into because they're not protected by passwords. ATGs can typically be programmed and monitored through a built-in serial port, a plug-in serial port, a fax/modem, or a TCP/IP circuit board. In order to facilitate remote monitoring over the Internet, ATG serial interfaces are often mapped to an internet-facing port. This opens door to potential trouble, especially since serial interfaces are rarely password protected.

Potential Risks


Trend Micro researchers warn that ATG cyber attacks could cause serious issues. Hackers can monitor one to find out when a facility is expecting the next fuel delivery or hold it hostage. They can and demand ransom and disrupt the activities. They can also fake fuel levels to induce overflow and put the lives of people in the area in danger.

Hackers might hack a Gas Station remotely and Blow It Up!


Hacking and executing commands in these systems can not only modify tank labels, but also tank levels and overflow limits, temperature compensation values, tank tilt and diameter values, and other units of measurement. Given certain conditions, attackers can, for instance, set a tank overflow limit to a value beyond its capacity, thus triggering an overflow. Since gas overflows are extremely dangerous because the liquids they contain are highly combustible. Thus by successfully manipulating these values, the possibility of a potential hacker blowing up a gas station is not negligible.

 You might be interested in: Hacking Team Data Breach-Overview Of Leaked data

Conclusion


Internet-connected devices worldwide can be found easily using services like Shodan. This puts not only personal & home Internet of Things (IoT) devices like routers, baby monitors, heating systems, but also surveillance cameras, traffic lights, medical equipment, and power plants too under the risk of attack. As per the researchers, it is better not to leave Supervisory Control and Data acquisition (SCADA) and ICS systems connected to the internet, unless absolutely necessary. If they really need to be, their security should be hardened so that access to them is extremely limited and private as these devices use the barest or no security barriers at all.

Source: The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems

Labels:

SHARE:

Twitter Facebook Google Pinterest

COMMENTS

BLOGGER
Name

Ad Network,3,adb,1,adblocker,1,Adblocker alternative,1,Adobe Flash Zero Day,1,Adware,1,Android,2,Android Reverse Engineering,1,Android vulnerability,3,Anonymous,1,Anonymous Browsing,2,Apple Hacking,2,Arp Poisoning,1,authentication bypass,1,Automated Tank Guage,1,Automatic Footprinting tool,1,backdoor credentials,1,BadWinmail,1,Banking trojan,1,bcmon,1,Best Adblocker,1,Best free cloud storage,1,Best Password Manager,1,Best TOR Alternative,1,Best VPN Provider,1,best VPN Rating,1,Bettercap,1,Bettercap tutorial,1,BitTorrent,1,BitTorrent Protocols,1,Browse safely,1,Car Hacking,1,Carbanak,1,ChatGPT,1,CIA,1,Circuit Fingerprinting.,2,cleartext cloud API,1,CloudFlare,2,Cobalt Strike,1,Covert Pentesting,1,Cracking Encryption,1,Cracking HTTPS,1,crapware,1,Credential Stealing,1,Credentials Sniffing,1,CreeHack,1,CryptDB,1,cryptography,2,cSploit,1,CSRF,1,custom recovery,1,Cydia,1,cygwin,1,Cypher System,1,Data Breach,1,Data Exfiltration,1,DDoS,2,DDoS Attack,3,Decrypting Tor traffic,1,Deep Web,1,DEF CON 23,2,disk encryption,1,DLL Injection Attacks,1,Dnstool,1,download torrents directly,2,DrDoS,1,DriveDroid,1,DuckHunter HID,1,Elevation Of Privilege,1,encryption,2,Ettercap,1,Exitmap,1,Exploitation,2,Fanny Worm,1,Financial APT,1,Flash Alternative,1,Forgot Windows Password.,1,fraud,1,Free Cloud Storage,1,Free LastPass Premium,1,Free Uptobox Premium Account,1,Free VPN,1,Free Zbigz Premium Account,2,Freedom App,1,GasPot,1,GenAI,1,GitHub,1,Giveaways,4,Hack Android,3,Hack Android Games,2,Hack Android In-App Purchase Non Root,1,Hack Cave,18,Hack Clash Of Clans,1,Hack Email,1,Hack Outlook,1,Hack Subway Surfer,1,Hack WiFi Android Without bcmon,1,Hack Windows 10,1,hacking android,6,hacking android pattern lock,1,Hacking Android PIN,1,Hacking Android Through Sound Waves,1,Hacking Cloudflare,1,Hacking CryptDB,1,Hacking electronics,1,Hacking embedded systems,1,Hacking Fridge,1,Hacking Gmail,1,Hacking IoT,1,Hacking KeePass,1,Hacking News,3,Hacking PayPal,1,Hacking Refrigerator,1,Hacking Team,1,Hacking tools,3,Hacking Tricks Android,5,Hacking WiFi With Android,3,Hacking Windows,4,Hacking Windows Password,1,HardSploit,1,HID Attack,1,Homomorphic Encryption,1,Honeypot,1,HORNET,3,How to hack baby monitors,1,How to hack gmail?,1,How to hack IoTs,1,How to hack MAC OS X,1,How To Hack WhatsApp,1,how to install kali nethunter on any android device,1,How Tor Works,1,HTML5,1,ICS,1,Immobilizer,1,Increase Download Speed,1,Information Gathering,1,Install NetHunter,1,Install NetHunter for any Device,1,Internet Of Things,1,Internet Privacy,2,Introduction To Penetration Testing,1,iOS 9,2,iOS hacked,1,IoT,3,IoT Security Audit Tool,1,Jailbreaking,1,Kali Linux,2,kali linux nethunter for android,1,Kali NetHunter,4,Kali NetHunter Nexus 5x,1,Kali NetHunter Sony,1,kali nethunter windows installer,1,KeeFarce,1,Kemoge,1,LastPass Premium Giveaway,1,LastPass Premium Subscription 2016,1,lenavo,1,LinkedIn,1,Lizard Squad,1,Lizard Stressor,1,LLama3,1,LSE,1,Mabouia,1,Mac OS X Hacking,1,Malicious JavaScript,1,Malware,4,Man In The Middle Attack,4,MANA Wireless Toolkit,1,Megamos Crypto Transponder,1,MITM,5,Mount Manager Bug,1,Mozilla Firefox,1,MSOffice,1,Netflix,2,Netflix Stethoscope tool,1,NetHunter Devices,1,nethunter install guide,1,NetHunter Nexus 5x,1,NetHunter Tutorial Nexus 5x,1,nethunter tutorial pdf,1,Nord VPN,1,nsISpeculativeConnect,1,NTP Vulnerability,1,Offensive Security,1,Office Exploit,1,OLE,1,Onion Encryption,1,Onion Routing,1,OpenSource,2,Outlook Exploit,1,Overt,1,Penetration Testing,1,Penetration Testing Tutorial,1,Penetration Testing With KaliLinux,1,Penetration Testing With Metasploit,1,Pentest Report,1,Phases Of PenTesting,1,Phishing,1,PINlogger,1,Post Exploitation,1,PowerMemory,1,PowerShell,1,pre-fetch,1,Prevent In-App purchase hacks,1,Privacy,1,Private VPN,1,privilege escalation,2,Python,1,Quantum Cryptographic Communication,1,quantum physics,1,ransomware,2,read forbes with adblock,1,read toi with adblock,1,Reaver,1,Reflected File Download Vulnerability,1,Reflective,1,Reflective DDoS Attack,1,Remote Code Execution,2,Remote exploit,2,remove ads toi,1,RfA,1,RFD,1,RFID,1,RIFFLE Tor Alternative,1,RIPv1 Protocol,1,Root Nexus 5x,1,Rooting,2,Rootkit,1,Router Keygen,1,SCADA,1,SEA,1,Searchsploit,1,Security News,40,Security Tools,5,Selfhosted,2,Shodan,1,SilverPush,1,Sleepy Puppy,1,Smartphone Sensor hack,1,Smartphones,4,Smartphones hacking,1,soft and hard brick,1,speculative connect API,1,SpiderFoot,1,Sponsored,1,StageFright,2,StageFright 2.0,1,stethoscope tool implimentation,1,Stored XSS,2,StuxNet,1,Superfish,1,surveillance,1,Task hijacking Attack,1,TCP injection.,1,The Basics Of Penetration Testing,1,The Hacking Team,1,Threat Modeling,1,Tor,3,TOR Alternative,4,Tor Exit Relay,1,Tor Guard,1,Tor Hacked,3,torrent to direct converter,2,torrent to IDM,1,tow factor authentication,1,Trend Micro,1,Tutorial,11,TWRP,1,TWRP Nexus 5x,1,Types Of Pentest,1,Types Of XSS Vulnerability,1,uBlock,1,Unlock Bootloader guide,1,Unlock Bootloader Nexus 5x,1,unlock pattern lock android,2,User Focused security,1,VPN Reviews,1,Vulnerability,3,Vulnerability Analysis,1,Vulnerability scanners,1,What is Kali NetHunter,1,WhatsApp Encryption,1,WhatsApp Hacking,1,Whatsapp phishing,1,WhatsApp Vulnerability.,1,WikiLeaks,1,Windows Backdoor,1,Windows Debuggers,1,XcodeGhost,1,Xss,3,XSS Scanner,1,XTEA,1,Zbigz cookie generator,1,Zbigz premium account no survey,1,Zimperium,1,
ltr
item
Hack Cave | Hacks unveiled: Hackers Can Attack Gas Stations and Blow It Up.
Hackers Can Attack Gas Stations and Blow It Up.
Gas station system vulnerabilities can be exploited by hackers, with potentially serious consequences. Learn more about these risks in this article.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZeFdRri3QDj27rFZRnfGeXSaFqlwo_UiH9ISYWO8vJldO8COxjVBhuKb5y1CS19fXDHJY1wZzQtgLKvu5M6Yd7BluW_gvI8K6mwdP6RwL9ySdHuMltSZhNLTY7SFYcokYjDhCy9l5AmxG/w640-h328/image001.png
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZeFdRri3QDj27rFZRnfGeXSaFqlwo_UiH9ISYWO8vJldO8COxjVBhuKb5y1CS19fXDHJY1wZzQtgLKvu5M6Yd7BluW_gvI8K6mwdP6RwL9ySdHuMltSZhNLTY7SFYcokYjDhCy9l5AmxG/s72-w640-c-h328/image001.png
Hack Cave | Hacks unveiled
http://www.hackcave.net/2015/08/hackers-can-attack-gas-stations-and.html
http://www.hackcave.net/
http://www.hackcave.net/
http://www.hackcave.net/2015/08/hackers-can-attack-gas-stations-and.html
true
398744729202641828
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content