At the 2025 RSA Conference in San Francisco, Pedro Umbelino, a principal research scientist at Bitsight, raised an alarming issue regarding the security of Internet-connected automatic fuel tank gauges (ATGs), which are used by gas stations, fuel depots, and other critical facilities to monitor tank levels, temperatures, leaks, and other operational parameters.
Umbelino warns that these devices, which are often overlooked in cybersecurity discussions, pose a serious cybersecurity risk that could lead to catastrophic consequences if exploited by hackers.
The Risks of ATG Compromise
The potential consequences of an attack on these systems include:
- Shutting down pumps and alarms
- Faking tank data, such as altering fill levels or triggering false refills
- Swapping tank labels, causing mismanagement
- Resizing tanks to make them appear larger than they actually are
- Triggering malfunctioning relays, potentially frying the ATG and related equipment, like pumps and alarms
According to Umbelino, even small-scale attacks on ATGs can lead to cascading effects that disrupt operations beyond the immediate damage. “Gas stations would need to shut down, at least temporarily, and so would backup generators from critical infrastructure,” he explains. He points to the May 2021 ransomware attack on Colonial Pipeline, which caused significant fuel shortages due to panic buying, even though the attackers never accessed industrial controls directly.
Industry Concerns and Historical Warnings
The concerns over ATG security vulnerabilities are not new. As early as 2015, security researcher HD Moore, the creator of Metasploit, highlighted similar risks in his blog post, The Internet of Gas Station Tank Gauges. Moore found that over 5,800 ATGs, many located in the U.S., were exposed to the Internet via TCP port 10001 without any password protection. These devices, often at retail gas stations, were vulnerable to a variety of attacks due to inadequate security measures.
In 2015, researchers at Trend Micro further demonstrated the risks with their Gaspot honeypot, revealing how frequently cybercriminals target Internet-connected ATGs. Despite these early warnings, the problem has only gotten worse.
A 2022 Cyborg study revealed a 120% increase in Internet-exposed ATGs since Moore’s 2015 findings, with over 11,000 devices now vulnerable to cyberattacks. Additionally, Bitsight’s 2024 research exposed a range of easy-to-exploit vulnerabilities in current ATG models from multiple manufacturers, including Gilbarco Veeder-Root and Dover Fueling Solutions. In just one week, Bitsight identified 11 vulnerabilities in six ATG models, some with critical severity scores of 10/10 on the CVSS scale.
These vulnerabilities not only put ATGs at risk but also compromise the devices connected to them, such as ventilation systems, emergency shutoff valves, alarm systems, and fuel pumps. Exploiting these weaknesses could result in widespread system malfunctions, impacting the entire infrastructure.
The Danger of Easy Exploitation
Attackers can find vulnerable ATGs with relative ease using tools like Shodan, a search engine for Internet-connected devices. Even if some ATGs are password-protected, many use weak or default passwords, such as “123456”, making them highly susceptible to remote attacks.
Umbelino points out that while Shodan may not reveal every exposed device, it provides enough visibility to launch attacks that could disrupt operations with minimal effort. “Even basic reconnaissance can reveal exploitable targets with zero authentication and full physical impact potential,” he warns.
The risks associated with these insecure ATGs could go beyond operational disruptions. If multiple gas stations across the U.S. were targeted, it could lead to nationwide fuel shortages and chaos, affecting the economy and public safety. With thousands of ATGs exposed on the Internet, these vulnerabilities present a pressing cybersecurity challenge that demands immediate attention.
As cybersecurity threats evolve, industries like fuel management must take proactive steps to protect Internet-connected systems like ATGs from exploitation. Ensuring that these devices are either not exposed to the Internet at all or are properly secured with strong passwords and regular updates is crucial to preventing attacks that could have far-reaching consequences.
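One way an operator could check their own perimeter for the exposure described above is to review firewall logs for permitted connections to TCP port 10001 from outside the management network. The following is an added example, not code from the article or from Bitsight; the key=value log format, the allowlisted network and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

ATG_PORT = 10001  # TCP port the article cites for exposed ATGs
# Assumption: the only network permitted to poll the gauges (constructed value).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2025-05-01T02:11:09Z action=allow proto=tcp src=10.20.0.15 dst=10.50.1.7 dport=10001
2025-05-01T02:14:40Z action=allow proto=tcp src=203.0.113.44 dst=10.50.1.7 dport=10001
2025-05-01T02:14:58Z action=deny proto=tcp src=198.51.100.9 dst=10.50.1.8 dport=10001
2025-05-01T02:15:03Z action=allow proto=tcp src=203.0.113.44 dst=10.50.1.7 dport=443
2025-05-01T02:16:21Z action=allow proto=tcp src=192.0.2.77 dst=10.50.1.7 dport=10001
malformed line without fields
"""

def parse_line(line):
    """Return the line's key=value fields, or None if a required field is missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    required = {"action", "proto", "src", "dst", "dport"}
    return fields if required <= fields.keys() else None

def is_allowed(src):
    """True when the source address belongs to an allowlisted management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_NETS)

def find_exposed_gauges(log_text):
    """Map each gauge IP to the non-allowlisted sources that reached its ATG port."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["proto"] != "tcp" or f["action"] != "allow":
            continue  # skip unparsable lines, other protocols, and blocked traffic
        try:
            if int(f["dport"]) != ATG_PORT or is_allowed(f["src"]):
                continue
        except ValueError:
            continue  # non-numeric port or invalid source address
        hits[f["dst"]].add(f["src"])
    return {dst: sorted(srcs) for dst, srcs in hits.items()}

if __name__ == "__main__":
    for gauge, sources in find_exposed_gauges(SAMPLE_LOG).items():
        print(f"{gauge}: tcp/{ATG_PORT} reached from {', '.join(sources)}")
```

Any gauge that appears in the output has a firewall rule permitting outside access to its serial-over-TCP interface, and that rule is the thing to remove or restrict.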