Image credit: pathdoc / Shutterstock.com
From energy efficiency in the smart home, enhancing entire healthcare systems, to state-of-the art farming techniques in agriculture and even advances in combatting climate change, the internet-of-things (IoT) can provide many benefits.
However, a recent study completed by Trend Micro research has unearthed plans to compromise internet-connected gas-pumps. Uncovering IoT threats in the cybercrime underground is the primary focus of the paper titled, The Internet of Things in the Cybercrime Underground, and finds that there has been a surge in discussions on the ‘dark-web’ regarding gas-pump hacking.
What’s more is that the report analyzed five underground communities based on the principal language used in each; English, Russian, Portuguese, Arabic, and Spanish, which leads to the assumption that many of the threats are not only localized. Rather, they span the entire globe which include cyber-attacks on information legitimate institutions, industry, electricity meters and even devices such as webcams, printers and routers.
The discussion regarding the malicious attacks on IoT connected gas pumps peaked in the Russian and Portuguese speaking communities. The report found that “tutorials on the inner workings of commercial gas pumps, including programmable logic controllers (PLCs)” were distributed throughout these dark-web communities. Whilst it is commonly believed that the primary goal of these particular hackers is to gain access to resources for little to no cost, more malign potentialities do exist.
The dark-web, like the regular internet, is a network of websites. However, it is much more difficult for the everyday web user to access and negotiate due to the requirements of a virtual private network (VPN), to encrypt web-traffic, and a specific TOR web-browser.
This enables users to hide their identity and also websites to operate anonymously making it a scene for illegal activity. Whilst most of the sites and forums on the dark web had requests for hacking methods for everyday devices such as webcams, they also found a spike in requests for PLCs, which are used on IoT connected gas pumps and in factories to manage machinery remotely.
Gaining access to PLCs enables DDoS attacks which can have huge consequences such as the synchronized cyber-attack on a Ukrainian power plant that left swathes of the country without power. While, this leads to very real concerns about how further exploiting vulnerabilities in IoT systems could impact the day-to-day lives of people all over the world, the major concern for government and industry is that it opens up the possibility for scenarios involving extortion.
Recent attacks on gas pumps have been less malicious with the Trend Micro report stating how one author teaches those in the forum how to change a tank name to “cashew juice” as an example. However, hackers could also send other commands to the gas pump and even change the tank limit so that it overflows and whilst instructions, “so far lack a clear monetization plan beyond selling the physical modified devices” this is a real concern going forward.
So, the fact that there is very real concern regarding the hacking of IoT connected gas pumps researchers there are methods and counterstrategies that can be deployed to help protect them, and similar devices going forward.
This includes the consistent update and renewal of passwords and using encryption techniques similar to that of those perpetrating cyber-attacks as well as ensuring all software is updated and patched accordingly. The same goes for devices in the home, ensuring good protection and security helps mitigate against potential risks or concerns the everyday internet user or subscriber to smart technologies may have.