Automatic tank gauges (ATGs) provide information on gasoline inventory and protect groundwater from gasoline leaks. Three years ago it was revealed that ATGs at approximately 5,000 US gas stations were exposed on the Internet, without password protection. Currently, according to a
recent scan, 5,635 gas stations with the same vulnerability have been found.
The initial research in 2015, led by HD Moore, then the chief research officer at Rapid7, was based on internet scans for devices with an open TCP port 10001. Trend Micro also conducted gas tank
research during the same year and found examples of hacker hijinks in the Guardian AST gas tank monitoring systems in various locations across the US.
The Trend Micro researchers reported detection of an internet-facing tank monitoring system at a gas station in Holden, Maine with the name "Diesel" which had mysteriously been changed to "We_Are_Legion." So, it was believed to either have been the work of Anonymous or someone using the hacking collective's slogan.
Some of the researchers' findings:
- In some cases hackers could exploit pump data by modifying it to the extent it could cause an explosion.
- For instance, a hacker could increase a tank's overflow limit to an amount beyond its capacity, which could cause the tank to overflow, possibly triggering an explosion.
...
......