Gas is too expensive? Let’s make it cheap!

Discussion in '0-day Release' started by RGiskardR, Feb 8, 2018.

  1. RGiskardR

    RGiskardR Malware Tester Silver Member

    A few months ago, while undertaking unrelated research into online connected devices, we uncovered something surprising and realized almost immediately that we could be looking at a critical security threat. What we found was a simple purple web interface that was in fact a link to a real-life gas station, and we suspected this link made the station remotely hackable.

    Amihai Neiderman, then working for Azimuth security, and I investigated the findings. When our suspicions turned out to be true, we reported them to the vendor.

    The story was covered recently by Motherboard VICE, and here we will share some of the technical details behind it. Further details of this research will be shared in early March at the Security Analyst Summit 2018 in Cancun.

    The device we investigated was not just a tiny web interface. It was an embedded box running a Linux-based controller unit that was installed with a tiny httpd server.

    According to its manufacturer, the controller’s software is a site automation device that is responsible for managing every component of the station, including dispensers, payment terminals and more.

    Full source:
    silversurfer and grr like this.
  2. Google Adsense

Share This Page