IoT Attacks On Internet-Connected Gas Pumps – Expert Commentary

A recent report shows an increase in discussion on dark web forums about compromising internet-connected gas pumps. One way this is already being achieved is by hackers selling modified smart meters, following on from Russian government legislation mandating that all electricity meters in the country should be replaced by online smart meters. However, users of Russian underground forums are also requesting information on how to hack gas pumps, with tutorials available on the inner workings of commercial pumps. There’s the possibility that internet-facing gas pumps could be roped into botnets for use in Distributed Denial of Service (DDoS) attacks or abused by hackers to cause errors or physical damage.


EXPERTS COMMENTS
Eve Maler, VP of Innovation & Emerging Technology ,  ForgeRock
September 13, 2019
Organizations need to be proactive in their approach towards identity and access management to safeguard their devices from these attacks.
The Trend Micro report revealing the spike in interest towards hacking Internet-connected gas pumps also indicates that IoT attacks are gradually gaining more traction around the world. Many rudimentary attacks have involved ‘device identity theft’ by exploiting default or missing device passwords, but simply changing passwords or patching software isn't enough, as threat actors are constantly crafting unique methods of entry. Organizations need to be proactive in their approach towards identity and access management to safeguard their devices from these attacks. Without an effective way to control the interactions and data flows among smart things and other entities, or to establish trusted relationships across the IoT ecosystem, devices are susceptible to potentially devastating exploitation. Robust identity management tools provide a way to build access control into the fabric of these ecosystems. Only authorized actions and data access can occur, and only by authenticated entities—whether an operator, a third-party technician, a consumer, or even an application or device.

Join the Conversation

Join the Conversation


In this article