IF ATTACKERS COULD cause a gas station’s tanks to overflow or prevent leak alarms from sounding, it could have devastating consequences—particularly if they struck multiple pumps in a region at once.
To see how real a threat that notion was, Kyle Wilhoit and Stephen Hilt from TrendMicro decided to set up a GasPot—a honeypot composed of virtual gas pump monitoring systems—to lure hackers and watch what they would do.
The work was inspired by Rapid7, which published a report earlier this year about finding 5,800 unsecured automated tank gauges accessible online. None of the systems—which belonged to gas stations, truck stops, and convenience stores primarily in the US—were password-protected.
Gas pump-monitoring systems vary in functionality, but they can include controls to set tank levels and overflow limits, monitor fuel-levels for inventory purposes and gauge the temperature of tanks. Some also detect leaks.
Remote attackers could take advantage of those controls in a few different ways. First, they could shut stations down by falsifying fuel levels to make it appear that tanks are low when they’re not, or they could change the “Unleaded” label on a tank to “Premium” or “Diesel,” causing confusion about inventory. They could also conceivably modify tank levels and overflow limits, potentially leading to dangerous spills. In 2009 in Puerto Rico, for example, a fuel tank exploded into flames and burned for three days after a computerized monitoring system failed to sense when the tank reached capacity during an automated refill.
The GasPot systems the researchers set up were designed to resemble Guardian AST (above-ground storage tank) monitoring systems made by Vedeer-Root. Guardian AST systems have been targeted in real-world attacks in the past by what appear to be hacktivists.