Fuel storage is an essential part of global logistics. It is critical infrastructure and therefore a target for state-sponsored cyberattacks.
As with most things these days, many fuel depots have some form of internet technology to remotely manage fuel levels using Automated Tank Gauges (ATG) and research Bit view has warned that these systems have multiple critical vulnerabilities that could allow an attacker to gain complete control of the fuel storage, potentially causing physical and environmental damage and economic loss.
The company identified multiple critical zero-day vulnerabilities in six different ATG systems produced by five different companies. Despite multiple warnings about the potential for these systems to be easily attacked over the Internet, many remain online and unpatched, making them prime targets for hacktivists and state-sponsored attackers.
ATG Vulnerabilities
The Bitsight research outlines legacy vulnerabilities, such as those related to a particular protocol in ATG systems known as the Veeder-Root, Gilbarco, or TLS protocol. These protocols use an interface to communicate functions to the ATG, with many of the operational manuals describing various protocols that can be used. Some of these protocols can be abused by an attacker to modify network configurations, change volume and fill limit configurations, stop leak or pressure detection tests, and force the ATG into a denial of service (DoS) loop by repeating a remote reboot. DoS attacks can be extremely disruptive when executed on a massive scale, potentially taking entire regions’ fuel distribution infrastructure offline, impacting civilian, logistical, and military functions alike.
In terms of new vulnerabilities, Bitsight discovered 10 unique vulnerabilities in one week related to OS command injection, hardcoded credentials, authentication bypass, SQL injection, cross-site scripting (XSS), privilege escalation, and arbitrary file reading, with CVSS scores ranging from 7.5 to 10.
Using one of the protocol vulnerabilities the researchers discovered in Maglink LX4, they were able to force a relay to cycle on and off 50 times per second, fast enough to damage the relay itself and potentially the components around it. A relay damaged in this way could prevent detection and warning systems, such as ventilation systems, alarms, and pumps, from working properly.
Another potential use of ATG vulnerabilities is intelligence gathering. By monitoring the volume of fuel storage via ATGs, state-sponsored attackers can gain valuable information about fuel sales, delivery times, and when it is best to hit a fuel tank with a kinetic attack to cause the most damage.
