Industrial Security
Thousands of filling stations can be tapped
Security experts from Kaspersky Lab have discovered a number of unknown vulnerabilities in an embedded system of which over a thousand units are installed and online in gas stations worldwide.
The vulnerabilities would enable hackers to gain control of affected systems via remote access. In many cases, the control unit was integrated into petrol stations more than a decade ago and has been connected to the Internet ever since. The control unit, which runs under Linux, works with high access rights and has a number of vulnerabilities that make both the device and connected systems vulnerable to attack. For example, the researchers were able to view and configure settings within the filling station system. Attackers who bypass the login screen and gain access to the main interfaces would be able to
- Turn off the fueling systems,
- change the fuel prices,
- cause fuel leaks,
- Bypass payment terminals to steal money (the control unit connects directly to the payment terminal so that payment transactions can be hijacked),
- Collect vehicle license plates and driver identities,
- execute code on the control unit
- or move freely around the filling station network.
A corresponding control unit was found as part of another, unrelated investigation. Ido Naor, security expert at Kaspersky Lab: "When it comes to networked devices, people tend to focus on new things and neglect products that were installed many years ago and could make their own company vulnerable to cyber attacks." With this in mind, he recommends that manufacturers of connected IoT devices consider security aspects as early as the product development stage and check old devices for potential security vulnerabilities. Users of networked devices should also regularly check the security of the devices and not rely on the factory settings.
You might also be interested in
Cyber protection is not enough in mechanical engineering
Feared and yet underestimated: Germany's mechanical engineering companies are aware of the danger of cyber attacks. However, not all companies in the medium-sized industry are sufficiently prepared for this, according to a survey by the VDMA...
read more...Germany is the best location for cloud providers
A study by the Business Software Alliance concludes that Germany is the most recommendable location for cloud providers when it comes to data protection. However, the top ranking is also linked to new parameters.
read more..."Most destructive and expensive cyberattack in history"
The ransomware 'Petya' paralyzed countless companies in June 2017. The USA and the UK have now officially named Russia as the perpetrator, who deliberately tried to attack Ukraine.
read more...The impact on production
The Spectre and Meltdown processor security vulnerabilities have made big waves. What is the risk for the computer systems used in production?
read more...On the road to success
The embedded scene will meet in Nuremberg from February 27 to March 1. The 16th edition of Embedded World is expected to set new records - both in terms of exhibitors and exhibition space.
read more...Everything about the EU General Data Protection Regulation
From 25 May 2018, companies will have to redesign their data protection organization. Get ready for the new EU data protection requirements and come to the practical training with Dirk Fromm, one of Germany's leading data protection experts, on...
read more...Software vulnerabilities at record high in 2017
More software vulnerabilities were discovered in 2017 than ever before - according to a study by the Hasso Plattner Institute. Director Prof. Christoph Meinel gives tips on how to protect yourself.
read more...'Safe for the future' panel discussion focuses on IoT
The Internet of Things will not be successful without secure systems. High-ranking experts will be discussing what needs to be done at embedded world. Register now!
read more...New leadership in Europe and the DACH region
Ilijana Vavan has taken over the position of Managing Director for Europe at Kaspersky Lab. As General Manager DACH, the top manager has also been responsible for the security company's business in Germany, Austria and Switzerland since January 2018.
read more...