
Hundreds of Orpak gas station systems can be easily hacked thanks to hardcoded passwords

Homeland Security’s cybersecurity agency says a popular gas station software contains several security vulnerabilities that require “low skill” to exploit.

The advisory, posted by the Cybersecurity and Infrastructure Security Agency (CISA), gave the Orpak SiteOmat software a rare vulnerability severity rating of 9.8 out of 10.

Orpak’s SiteOmat systems monitor the amount of fuel stored in a gas station’s tanks, as well as their temperature and pressure. The software also sets the price of the gas and processes card payments. Its user interface is password protected, preventing unauthorized access to its data or configuration.

According to the advisory, the software contained a hardcoded password set by the manufacturer, which, if used, would grant unfettered access to the system.

CISA didn’t publish the password.

The advisory said an attacker could gain access to the system’s configuration, including payment information, or shut down the system altogether, preventing customers from buying gas. Worse, the bugs are remotely exploitable, putting any internet-connected SiteOmat device at risk.

A cursory search of Shodan, a search engine for publicly available devices and databases, revealed that more than 570 Orpak systems, out of more than 35,000 service stations across 60 countries, are connected to the internet.

Most of the exposed systems are located in the U.S.

The software also has several other flaws that can be remotely exploited, including code injection and buffer overflow vulnerabilities.

Ido Naor, a security researcher with Kaspersky Lab, was credited with finding the bugs — the second time in as many years. Last year, Naor and his colleague Amihai Neiderman found near-identical flaws in the SiteOmat, including another hardcoded password. The buffer overflow flaw would not only let an attacker gain access to the system but also erase its logs, wiping any evidence of their activity.

CISA said the bugs had been fixed in a new software version — v6.4.414.139 — but customers have to request the update from Orpak directly.

A spokesperson for Orpak parent company Gilbarco Veeder-Root did not immediately return a request for comment.



from TechCrunch https://tcrn.ch/2IVYxKa
via IFTTT
