The idea behind building Internet-connected gasoline pumps is to allow large number of of motorists pay for a tank of petroleum using their car’s touchscreen. Leading pioneers with such technology include Jaguar and Shell. The process requires cars to be developed and designed with special touchscreens and linking up gas pumps to with expanding the Internet of Things (IoT) network of connected objects. Smart dispensers, automated payments via apps and green stores are other related ideas aiming to make the life of motorists easier.
A recent ZDNet report shows an increase in discussion on dark web forums about attacking Internet-connected gas pumps.
However, it appears that certain underground forums are discussing information relating to how to hack gas pumps. There is a risk that Internet-facing gasoline stations could be drawn into botnets that then become part of Distributed Denial of Service attacks or manipulated by hackers in order to initiate errors.
To understand what is behind the potential hack, Digital Journal caught up with Eve Maler, vice president of innovation & emerging technology, ForgeRock. According to Maler this issue exemplifies the weaknesses with many forms of connected technology: “The report revealing the spike in interest towards hacking Internet-connected gas pumps also indicates that Internet-of-Things attacks are gradually gaining more traction around the world.”
In terms of the form these attacks may take, she explains: “Many rudimentary attacks have involved ‘device identity theft’ by exploiting default or missing device passwords.” She explains that this cannot be addressed through password administration or software patches since “threat actors are constantly crafting unique methods of entry.”
In terms of those who are operating or developing connected technology need to react, Maler says: “Organizations need to be proactive in their approach towards identity and access management to safeguard their devices from these attacks.” This means robust mechanisms to control interactions and data flows among smart things.
Drawing on a specific example, Maler notes: “Identity management tools provide a way to build access control into the fabric of these ecosystems.” With such systems she explains how “only authorized actions and data access can occur, and only by authenticated entities—whether an operator, a third-party technician, a consumer, or even an application or device.”
