[HD Moore] recently posted an article on Rapid 7’s blog about an interesting security problem. They’ve been doing some research into the security of automated tank gauges (ATGs). These devices are used at gas stations and perform various functions including monitoring fuel levels, tracking deliveries, or raising alarms. [Moore] says that ATGs are used at nearly every fueling station in the United States, but they are also used internationally. It turns out these things are often not secured properly.
Many ATG’s have a built-in serial port for programming and monitoring. Some systems also have a TCP/IP card, or even a serial to TCP/IP adapter. These cards allow technicians to monitor the system remotely. The most common TCP port used in these systems is port 10001. Some of these systems have the ability to be password protected, but Rapid 7’s findings indicate that many of them are left wide open.
The vulnerability was initial reported to Rapid 7 by [Jack Chadowitz]. He discovered the problem due to his work within the industry and developed his own web portal to help people test their own systems. [Jack] approached Rapid 7 for assistance in investigating the issue on a much larger scale.
Rapid 7 then scanned every IPv4 address looking for systems with an open port 10001. Each live system discovered was then sent a “Get In-Tank Inventory Report” request. Any system vulnerable to attack would respond with the station name, address, number of tanks, and fuel types. The scan found approximately 5,800 systems online with no password set. Over 5,300 of these stations are in the United States.
Rapid 7 believes that attackers may be able to perform such functions as to reconfigure alarm thresholds, reset the system, or otherwise disrupt operation of the fuel tank. An attacker might be able to simulate false conditions that would shut down the fuel tank, making it unavailable for use. Rapid 7 does not believe this vulnerability is actively being exploited in the wild, but they caution that it would be difficult to tell the difference between an attack and a system failure. They recommend companies hide their systems behind a VPN for an additional layer of security.
[Sable Wolf] tipped us off to his DYI desoldering station for under $70. We know we have seen this conversion before, but it hasn’t been featured on Hack a Day. [Sable Wolf’s] hack is unique and has added features that make building, cleaning and the overall longevity sounder. However, some kind of sound deadening housing would have to be built around the pump as it seemed uncomfortably loud in the video.
Some Chinese made desoldering stations are getting quite cheap so maybe it’s not worth the effort unless you can salvage more components for the build. Thanks to [Sable Wolf’s] detailed blog you can browse through his BOM and scrounge up the majority of these items from your salvage bins. A cheap but reliable desoldering station would be an extremely handy tool to have on your bench.
Follow long after the break to watch the video of the desoldering station in action.
As you may know I was on vacation in Chicago last week. I got a chance to jump on the blue line train from Chicago’s downtown loop for a short trip out to the Addison stop where I caught a quick bus ride over to one of Chicago’s hackerspaces: Pumping Station One. I was given a tour by some camera-shy members that were there when I popped in. The space had a large welding area with lots of equipment, metal lathes, metal brake and woodworking equipment. You name the shop tool, I think it was there. I even think I spotted a functioning scanning electron microscope! WOW!
The lower workspace was quite extensive. Yes, there’s a second-floor having sewing machines, vinyl cutters, 3-D printers and an entire room dedicated to electronics and robotics. Also, they are in the process of expanding to make the space even larger. If you’re in Chicago I recommend you check them out, it’s an amazing space and an easy commute from downtown.
I hope my iPhone video is good enough to show off their splendid space.
Follow along after the break to learn more and get a glimpse inside Pumping Station One.