Industrial control systems can find themselves in the darndest places, and have the most important jobs imaginable when it comes to environmental protection, a company’s financial health, or its compliance with regulatory mandates.
Automatic Tank Gauge (ATG) systems are one such ICS. These devices carry sets of sensors that measure and record fuel level, condensation, temperature, and volume in storage tanks. They are critical because they monitor for leaks and can trigger alerts and sirens, perform emergency shutoff procedures, or allow for ventilation when necessary. ATGs are commonly installed in storage tanks at gasoline stations, military bases, hospitals, airports, and elsewhere.
In this episode of the Nexus Podcast, Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors.
The vulnerabilities uncovered by Pedro and his team, particularly in the ATG protocol, range from authentication bypass and privilege escalation flaws to command injection and SQL injection. All of the vulnerabilities could allow an attacker to gain full administrator privileges on the application managing these ATGs, as well as access to the underlying operating system.
The vulnerabilities may expose thousands of these systems to catastrophic risks, from environmental hazards and physical damage to significant economic losses. Worse yet, these systems are old and challenging to update; Umbelino said that more than 9,000 of them are reachable from the internet.
Umbelino explained that research into the protocol isn’t new, and previous vulnerabilities have been found that cannot be fixed without an overhaul of the core specification itself.
“It’s a legacy protocol, but it’s still being used [on new devices]. Most devices that are new have that option of either by default or have the ability to turn on that protocol because there are many solutions that are out there from integrators that they need to be able to pull data from these ATGs using that protocol,” he explained. “They don’t have another solution, so that’s probably why it’s still being maintained.”
Throughout the episode, Umbelino covers:
Some details on the vulnerabilities
The disclosure process with the respective vendors
The potential impact from successful exploits, including environmental and other physical damage
The challenges in fixing these issues in the field
Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.