Petrol station security flaw could let hackers cause fuel leakages and steal cash

Published on: 28 Feb 2018

Petrol stations around the world have been left wide open to remote takeover from hackers due to a number of unknown vulnerabilities.

The security flaws were spotted by Kaspersky Lab in an embedded petrol station controller of which there are currently over 1,000 installed and online.

An intruder who exploited the vulnerabilities would be able to shut down all fueling systems, change fuel prices and even cause fuel leakages.

The flaw would allow them to circumvent payment terminals to steal money because the controller connects directly to the payment terminal, so payment transactions could be hijacked.

Vehicle license plates and driver identities could also be scraped using a petrol station’s CCTV footage.

Ido Naor, a senior security researcher at Kaspersky Lab, said: “When it comes to connected devices, it is easy to focus on the new and forget about products installed many years ago that might be leaving the business wide open to attack.

“The damage that could be done by sabotaging a petrol station doesn’t bear thinking about.”

Kaspersky Lab shared its findings with the manufacturer when the threat was confirmed and research is ongoing.