An alarming number of gas pumps could be vulnerable to cyberattacks, threatening to cut off driver supply to fuel, new research has claimed.
The research team behind Cybernews has uncovered results from the Shodan search engine, which lets users search for severs connected to the Internet, and suggests that nearly 6,000 gas pump controllers globally, including more than 4,000 across the US, are exposed.
Exposed controllers allow remote access for monitoring, however attackers could also gain unauthorized access which could see them tamper with settings including manipulating inventory stats to get away with fuel theft.
Gas stations cyberattack
Of the 5,860 exposed controllers, 4,323 are in the US, and a further 221 are in Puerto Rico, an island territory of the US. Other countries with exposed gas station pump controllers include Germany (156), Canada (149), Australia (139), Japan (132), and the UK (78).
Cybernews blames the age of the Internet of Things (IoT) – more connected devices simply results in a greater potential for expose and risk.
There could be greater implications, too. A successful attacker could, for example, block fuel supply in order to stop enemy movement during a war. Cybernews’s researchers commented on the broader digital war landscape:
“During a cyberwar, attackers may launch attacks on various targets to distract and overwhelm the defenders. Gas station controllers could be one such target to divert resources and attention away from more critical systems.”
The research highlights the need for all IoT devices, including gas pump controllers, to be maintained properly. Measures should include performing regular software updates and security patches, applying strong security to the network, deploying intrusion detection and monitoring systems, and even implementing physical safeguards.
