An alarming number of petrol pumps could be vulnerable to cyber attacks, threatening to cut off the driver’s supply of fuel, new research has found.
The research team behind it Cyber news has uncovered results from the Shodan search engine, which allows users to search for servers connected to the Internet, and suggests that nearly 6,000 gas pump controllers worldwide, including more than 4,000 in the US, have been exposed.
Exposed controllers allow remote access for monitoring, but attackers can also gain unauthorized access, allowing them to tamper with settings including manipulating inventory statistics to get away with fuel theft.
Cyber attack on gas stations
Of the 5,860 exposed controllers, 4,323 are in the US, and another 221 are in Puerto Rico, an island territory of the US. Other countries with exposed pump controllers at petrol stations include Germany (156), Canada (149), Australia (139), Japan (132) and the UK (78).
Cybernews blames the age of the Internet of Things (IoT) – more connected devices simply result in greater potential for exposure and risk.
There could also be greater consequences. For example, a successful attacker could block the fuel supply to stop enemy movements during a war. Cybernews researchers commented on the broader digital war landscape:
“During cyberwar, attackers can launch attacks against various targets to distract and overwhelm defenders. Gas station controllers could be such a target to divert resources and attention from more critical systems.”
The study highlights the need for all IoT devices, including gas pump controllers, to be properly maintained. Measures include performing regular software updates and security patches, applying strong security to the network, deploying intrusion detection and monitoring systems, and even implementing physical security.