Recently, several gas stations have had their POS hacked through a weakness in the Automatic Tank Gauge (ATG). These ATG's are faced with the threat of online exposure if they are NOT password protected. This means that anyone on the internet can access and have complete control over these ATG's. The online “hacker” has the potential to continuously generate alarms and can ultimately shut off fuel pumps.
On January 10th, 2015 Rapid7 (a highly regarded IT security company) performed a scan of the internet and discovered that 5,300 ATG interfaces (in USA) were publicly accessible from the internet without password protection. This computes to 3% of all fueling stations in the US. A majority of these ATG’s are manufactured by Veeder-Root. These ATG’s are NOT using a login password or a Virtual Private Network (VPN) gateway to connect to their monitoring provider.The danger of using unsecured ATG’s is that anyone can log into the ATG and manipulate settings. These could range from modifying alarm thresholds and continuously generate alarms, to shutting off fuel pumps.
To ensure that your site is not at risk, I recommend consulting with either your automated fuel management system or your maintenance contractor.