Although a growing number of consumers use the “Internet of Things” to connect to the web through everyday products ranging from thermostats and refrigerators to lightbulbs and toothbrushes, all that connectivity also means greater exposure to cyberthreats. One common device researchers say is becoming a target for hackers? Internet-connected gas pumps.
According to a report by ZDNet’s Danny Palmer, cybersecurity forums are abuzz with talk that gas pumps linked to the internet could be remotely accessed via the so-called dark web. Meanwhile, many motorists and even gas station operators may not be aware that pumps are at risk.
“That’s just a gold mine for hackers,” Palmer told CBSN.
Like the regular internet, the dark web is a network of websites, yet it is harder to access for the typical online web user. It requires a virtual private network, or VPN, which encrypts traffic, and a web browser called Tor.
Palmer cited a study from the security firm Trend Micro that analyzed discussions and tutorials found on the dark web. While the most requested hacking methods were for routers, webcams and printers, according to Trend Micro, these criminal marketplaces also included tutorials for online gas pumps with programmable logic controllers, which are also used in factories to manage machinery remotely.
One way hackers can exploit internet-enabled devices is through a “botnet,” a network of devices they control. That network can be used to carry out “distributed denial-of-service” attacks, in which sites and services are shut down by barraging them with data from individual computers.
In 2016, teenage scammers used a botnet called Mirai IoT to knock out internet services in many parts of the East Coast. Other cases include a Ukrainian power plant that was taken offline by cybercriminals in 2015 that left parts of western Ukraine without power.
“It’s quite worrying how the cyber world and the physical world are becoming so interlinked in this way, and can have consequences which impact on the day-to-day lives of people,” Palmer said.
Hackers can also use poorly secured internet-enabled devices as a gateway to a person’s other digital devices, allowing criminals to steal sensitive information, spy on users or monitor networks. “There are a lot of possibilities,” he said.
Palmer recommends that users change the default passwords on internet-connected devices they purchase, as well as utilize VPNs in their home network to encrypt traffic.
“If there’s a really cheap appliance from a company you’ve never heard of, you might want to question whether that’s a good idea, buying that in the first place,” he said.