[ISN] Thousands of U.S. gas stations exposed to Internet attacks

http://www.csoonline.com/article/2874230/cybercrime-hacking/thousands-of-us-gas-stations-exposed-to-internet-attacks.html By Lucian Constantin IDG News Service Jan 23, 2015 Over 5,000 devices used by gas stations in the U.S. to monitor their fuel tank levels can be manipulated from the Internet by malicious attackers. These devices, known as automated tank gauges (ATGs), are also used to trigger alarms in case of problems with the tanks, such as fuel spills. “An attacker with access to the serial port interface of an ATG may be able to shut down the station by spoofing the reported fuel level, generating false alarms, and locking the monitoring service out of the system,” said HD Moore, the chief research officer at security firm Rapid7, in a blog post. “Tank gauge malfunctions are considered a serious issue due to the regulatory and safety issues that may apply.” Earlier this month, Moore ran a scan to detect ATGs that are connected to the Internet through serial port servers that map ATG serial interfaces to the Internet-accessible TCP port 10001. This is a common set-up used by ATG owners to monitor the devices remotely. […]