Recent warnings from federal authorities, including the Cybersecurity and Infrastructure Security Agency and the FBI, highlight a serious threat to automatic tank gauge (ATG) systems across various industries. These systems are crucial for monitoring fuel and liquid levels, and for leak detection. The agencies noted that hackers are exploiting vulnerabilities in internet-exposed devices, employing command execution methods to disable alerts and obscure device monitoring.
Multiple access vectors have been identified, including authentication bypass and hardcoded credentials, which allow unauthorized access to management interfaces. Additionally, hackers can execute arbitrary code through operating system command execution and structured query language injection. Federal officials are advising operators to enhance security by disconnecting these systems from the internet, changing default passwords, and applying necessary security patches.
While the specific group behind these attacks has not been named, there are suspicions of a connection to hackers associated with Iran. Experts caution that while a hacker could disrupt ATG functions, they cannot cause actual leaks. The implications of compromised ATG systems extend beyond gas stations, potentially disrupting operations in agriculture and chemical storage, leading to broader impacts on food supply continuity.