Thousands of internet-exposed fuel gauges could be hacked and dangerously exploited

“Experts that we have spoken with expressed specific concern about the ability for an attacker to change tank settings remotely,” the researchers said. “Alarms are very important for refilling operators to understand when the tank is about to be full and to have enough time to stop the refilling. Without alarms, the probability for a spill will increase significantly, which, depending on the type of fuel, could create a dangerous situation.”

Other attacks could involve reconfiguring the system, deleting values, or reflashing the device with faulty firmware which would result in the ATG system suffering downtime. Attackers could also obtain information about fuel consumption patterns which could help them prepare for other destructive attacks or allow them to make a tank disappear from monitoring entirely and then physically steal fuel from it.

“Among the organizations affected by these new vulnerabilities, we were surprised to find airports, government systems, manufacturing and utilities companies, to give some examples,” the researchers said. “One thing is clear, regarding ATG systems in general and these new vulnerabilities in particular: the US is the most affected country by far.”