By now, it should be common knowledge that almost any device connected to the internet is vulnerable to hackers, including gas stations. Apparently, several gas stations across the world, but more so in the US, are targeted by hackers on a regular basis, at least according to a recent experiment conducted by Trend Micro researchers Stephen Hilt and Kyle Wilhoit. The two researchers decided to set up a series of fake internet-connected systems named “GasPots”, which helped track a number of hacking patterns.
Over a period of six months, the GasPots were attacked several times, particularly in the United States. Some of these attacks were made for recon purposes while others were a bit more invasive as the hackers changed the network names to something else. Examples include “SEAcannngo” in a reference to the Syrian Electronic Army, and “H4CK3D by IDC-TEAM” – a message used by the Iranian Dark Coders Team. Earlier this year in February, a real gas monitoring system was hacked and its name was changed from “DIESEL” to “WE_ARE_LEGION”, which is odd as that’s the message usually associated with the Anonymous group.
Gas monitoring systems are used to keep track of a station’s fuel levels, temperature and volume, and they can’t really be used to cause any actual physical harm. However, they can be used by hackers to learn important information such as fuel delivery times, or to change the fuel levels to unreal values in order to induce overflow. Wilhoit and Hilt concluded that these kinds of systems should not be connected to the internet at all, but if they are, their security “should be so strong that access to them is extremely limited and private.”
Thank you Engadget for providing us with this information.