In the endless parade of cyber threats, we’ve grown accustomed to tales of ransomware, data breaches, and AI-powered hackers breaking into high-profile systems. But while we’ve been busy protecting the obvious, there’s a silent threat flying under the radar: Automated Tank Gauge (ATG) systems. Yes, the same systems designed to monitor and manage fuel storage tanks across gas stations, airports, and even military bases.
As Bitsight TRACE recently reported, these humble, fuel-monitoring systems have been found with numerous vulnerabilities—wide open to anyone with malicious intent. Despite years of warnings, many ATG systems are still online, unsecured, and begging for trouble. And when things go wrong with ATGs, it’s not just data at risk. We’re talking fuel spills, physical damage, and environmental disasters. How did we get here? More importantly, how do we fix it before a hacker turns your local gas station into ground zero for a cyberattack?
ATG Systems: The Forgotten Workhorse of Critical Infrastructure
Let’s start with the basics. Automated Tank Gauging (ATG) systems are used to monitor the fuel levels, volume, and temperature in storage tanks. You’ve likely never thought about them—unless you happen to own a gas station or work at a facility that stores fuel. These systems are vital in gas stations but also extend to critical sites like hospitals, airports, and military installations. ATGs keep track of fuel inventory, sound alarms for leaks, and make sure we don’t end up with rivers of gasoline running through the streets.
That sounds good on paper—until you realize these systems, which control everything from fuel pumps to emergency shutoffs, are often connected to the internet. Why? Convenience, of course! Remote access and real-time monitoring are useful features, but when security takes a backseat, things get ugly fast. According to Bitsight TRACE, the situation is so dire that thousands of ATG systems are accessible online without even the most basic password protection.
Wait… ATG Systems Are Online? Without Passwords?
Yes, you heard that right. 5,800 ATGs in the U.S. alone are exposed to the internet, with no password. Just floating around the web, waiting for someone to tinker with them. And here’s where the story gets dark. Bitsight’s research uncovered multiple zero-day vulnerabilities in ATG systems from five different vendors. These vulnerabilities could allow attackers to gain full control of the systems, with the ability to cause everything from fuel spills to full-on system shutdowns. Let’s break it down.
Vulnerabilities That Would Make Your Jaw Drop
Bitsight’s findings revealed a wide variety of security flaws, from hardcoded credentials to SQL injection, bug classes that date back to the Dark Ages of cybersecurity. Yes, we’re talking about vulnerabilities that should have been patched a decade ago. Yet, here we are.
Some of the most alarming vulnerabilities include:
- Authentication Bypass: Attackers can gain unauthorized access and do just about anything they want. Change fuel levels? Sure. Turn off alarms? Why not?
- Command Injection: Hackers can send malicious commands to the system, allowing them to execute arbitrary code and gain complete control.
- Hardcoded Credentials: Because nothing says “secure” like a default username and password hidden deep in the code. Anyone with basic knowledge can exploit these.
Take, for instance, CVE-2024-45066, a critical vulnerability with a perfect CVSS score of 10.0. Exploiting this allows attackers to take over the entire ATG system. They could make fuel tanks overflow, disable alarms, or just mess around with the system because, well, they can.
What’s the Worst That Could Happen? Physical Damage, for One
When we think of cyberattacks, we often picture stolen data or system downtimes. But with ATG systems, the consequences are far more tangible. These systems control physical processes like relays, valves, and pumps. So, what happens when someone gains control of these systems?
In the most extreme scenarios, hackers could:
- Change tank settings, altering capacity or threshold levels, causing fuel spills or even tank overflows.
- Disable critical alarms, leaving fuel tanks at risk of leaking with no one the wiser.
- Shut down pumps or valves, which would effectively stop the flow of fuel at gas stations, airports, or hospitals—creating chaos.
- Damage system components by rapidly toggling relays on and off, causing them to fail prematurely.
Imagine this: hackers reconfigure a fuel tank’s thresholds, making it seem emptier than it actually is. The refueling truck arrives, the operator starts refilling, and—boom! The tank overflows, spilling thousands of gallons of fuel into the ground, or worse, causing a fire.
In one chilling experiment, Bitsight TRACE found that a hacker could drive a relay at such a high speed that it would physically burn out within hours. This isn’t theoretical. It’s happening. Relays, pumps, and valves are designed to work within specific tolerances, and hackers could force them beyond their limits, causing real-world damage.
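On the defensive side, rapid relay cycling like this is visible in controller event logs. The sketch below is an added example, not code from Bitsight or from any ATG vendor: it flags a relay whose state changes exceed a rate limit inside a sliding window. The log format, the relay names and the limit of 6 changes per 10 seconds are assumptions; take the real limit from the relay's datasheet.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_TOGGLES = 6                  # assumed limit on state changes per window
WINDOW = timedelta(seconds=10)   # assumed sliding-window length


def build_sample_log():
    """Constructed events: '<ISO timestamp> <relay id> <state>', sorted by time."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = [f"{base.isoformat()} R1 ON",
             f"{(base + timedelta(minutes=5)).isoformat()} R1 OFF",
             "garbled line"]
    # R2 is flipped every 200 ms, the rapid-cycling pattern described above.
    for i in range(40):
        ts = base + timedelta(minutes=10, milliseconds=200 * i)
        lines.append(f"{ts.isoformat()} R2 {'ON' if i % 2 == 0 else 'OFF'}")
    return lines


def find_relay_chatter(lines, max_toggles=MAX_TOGGLES, window=WINDOW):
    """Return {relay_id: time the toggle rate first exceeded the limit}."""
    recent = defaultdict(deque)   # relay -> change times still inside the window
    last_state, alerts = {}, {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue              # skip records without exactly three fields
        ts, relay, state = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        if last_state.get(relay) == state:
            continue              # repeated status report, not an actuation
        last_state[relay] = state
        times = recent[relay]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()       # drop changes older than the window
        if len(times) > max_toggles:
            alerts.setdefault(relay, ts)
    return alerts


if __name__ == "__main__":
    for relay, when in find_relay_chatter(build_sample_log()).items():
        print(f"ALERT relay {relay}: toggle rate exceeded at {when.isoformat()}")
```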
How Did We Get Here?
It’s tempting to ask, “How did we let something so crucial become so vulnerable?” The answer, sadly, is predictable: legacy systems and negligence.
- Legacy Tech: Many of these systems were designed decades ago, long before anyone thought to secure them from cyber threats. Back then, the internet wasn’t even part of the equation. ATGs were meant to be closed systems. But as businesses embraced the digital age, these systems were plugged into the web—without much thought to cybersecurity. Convenience over security, right?
- Ignored Warnings: Despite warnings from researchers going back as far as 2015, many organizations have dragged their feet. H.D. Moore and Trend Micro both raised red flags years ago. Yet here we are, almost a decade later, with more vulnerabilities than ever.
- Slow Vendor Response: Even when vulnerabilities are reported, fixing them isn’t easy. Vendors need to issue patches, but in the world of Industrial Control Systems (ICS), these patches are slow to arrive. Plus, many organizations using ATGs don’t have the expertise to apply them, leaving their systems exposed for months—if not years.
What Can Be Done? Fixing the Mess
It’s not all doom and gloom. There are steps organizations can take to secure their ATG systems and prevent cyber disasters. Here’s the action plan:
For Organizations:
- Disconnect ATGs from the Public Internet: This should be the top priority. These systems were never meant to be publicly accessible. Taking them offline dramatically reduces the risk of attack.
- Assess Security Posture: Conduct a thorough security audit of all ATG systems. If your ATG is online, you’ve got a problem.
- Use Firewalls and Access Controls: Don’t rely on the ATG’s native security (or lack thereof). Add extra layers of protection with firewalls and multi-factor authentication.
- Regular Patching: Ensure that all vulnerabilities are patched as soon as updates become available. Even better, demand regular patches from your vendors.
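A security audit of this kind can start from a simple inventory check. The following is an added example, not part of the original article or Bitsight's tooling: it flags ATGs whose management address falls outside approved networks, that have no password set, or whose tank and alarm settings differ from a known-good baseline. The field names, baseline values and approved subnet are assumptions, and 203.0.113.7 is a documentation address standing in for an internet-facing one.

```python
import ipaddress

# Assumed known-good settings for a tank; values are constructed.
BASELINE = {"capacity_gal": 10000, "high_level_pct": 90,
            "overfill_alarm": True, "leak_alarm": True}

# Assumed management networks from which ATGs may be reached.
ALLOWED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed inventory; the record layout is hypothetical.
INVENTORY = [
    {"site": "depot-a", "mgmt_ip": "10.20.0.15", "password_set": True,
     "settings": dict(BASELINE)},
    {"site": "station-b", "mgmt_ip": "203.0.113.7", "password_set": False,
     "settings": {**BASELINE, "capacity_gal": 12000, "overfill_alarm": False}},
]


def audit_atg(device, baseline=BASELINE, allowed=ALLOWED_MGMT_NETS):
    """Return a list of findings for one ATG inventory record."""
    findings = []
    ip = ipaddress.ip_address(device["mgmt_ip"])
    if not any(ip in net for net in allowed):
        findings.append("mgmt interface outside approved networks")
    if not device["password_set"]:
        findings.append("no password on remote access")
    # Settings drift: a changed capacity or threshold, or a disabled alarm.
    for key, expected in baseline.items():
        actual = device["settings"].get(key)
        if actual != expected:
            findings.append(f"{key}: baseline {expected!r}, found {actual!r}")
    return findings


def audit_inventory(inventory=INVENTORY):
    """Map each site to its findings, omitting sites with none."""
    report = {d["site"]: audit_atg(d) for d in inventory}
    return {site: f for site, f in report.items() if f}


if __name__ == "__main__":
    for site, findings in audit_inventory().items():
        for finding in findings:
            print(f"{site}: {finding}")
```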
For Vendors:
- Secure by Design: ATG systems need to be designed with security in mind, not bolted on as an afterthought. That means encryption, robust authentication mechanisms, and regular security audits.
- Support Customers: Work with your customers to ensure they’ve secured deployed devices. Educate them about the risks of leaving ATGs exposed and help them implement best practices.
- Provide Timely Patches: Vulnerabilities need to be addressed quickly. Vendors must prioritize security patches and ensure that customers can easily apply them.
FAQs: Let’s Get Your Questions Answered
What’s the worst that could happen if an ATG system is hacked?
Besides the obvious risks of fuel spills, environmental disasters, and financial losses? An attack could shut down pumps, disable alarms, or cause massive operational disruptions at airports, gas stations, and even hospitals.
Can ATG systems cause real physical damage when hacked?
Absolutely. Hackers can manipulate relays, valves, and other hardware components, pushing them beyond their limits and causing them to fail. In extreme cases, this could lead to fuel spills, fires, or equipment failure.
Why are so many ATG systems still online and vulnerable?
The sad truth is that many organizations haven’t prioritized ATG security. Despite warnings for nearly a decade, many systems remain exposed to the internet with little to no protection.
Can these vulnerabilities be fixed?
Yes, but it will take a concerted effort. Organizations need to take immediate steps to secure their systems, while vendors must provide timely patches and build security into their designs moving forward.
Conclusion: Time to Take ATG Security Seriously
The reality is, ATG systems are more than just a cyber curiosity—they’re an integral part of critical infrastructure. And with thousands of ATGs left exposed to the internet, it’s only a matter of time before something catastrophic happens.
Organizations, it’s time to unplug, reassess, and patch those vulnerabilities. Vendors, you need to prioritize security before the next big cyberattack. Let’s avoid turning fuel management systems into the next big hacker playground, shall we?