An audit of Inmarsat's AmosConnect 8 (originally sold by Stratos Global, now an Inmarsat division) reveals that the ship-to-satellite internet product has a deliberate hidden backdoor -- and an accidental SQL code-injection vulnerability -- that allows anyone in the world to take over all, interrupt, and/or spy on the internet access on many of the world's largest ships and oil rigs.
Amosconnect 8 reached its end-of-life in June 2017, and will no longer receive any patches, meaning these vulnerabilities will remain intact until all affected systems are replaced, which is to say, indefinitely.
The function that grants backdoor access is called "authenticateBackdoorUser."
Apparently, internet communications packages are isolated from internal ship networks that control steering, navigation and propulsion. However, access to the ship's internet would be a boon to pirates and state actors wishing to monitor ships' communications and learn about cargoes, destinations, and locations.
"Essentially anyone interested in sensitive company information or looking to attack a vessel's IT infrastructure could take advantage of these flaws," Ballano said. "This leaves crew member and company data extremely vulnerable, and could present risks to the safety of the entire vessel. Maritime cyber security must be taken seriously as our global logistics supply chain relies on it and as cyber criminals increasingly find new methods of attack."
Backdoor Account Found in Popular Ship Satellite Communications System
[Catalin Cimpanu/Bleeping Computer]
Over at XKCD, Randall Munroe's predicted the Critical Vulnerabilities and Exposures for 2018, with some pretty solid predictions (especially under the tooltip, which finally reveals a secret that many of us have kept mum about for literal decades -- damn you, Munroe!).
It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other peoples' phones (including their kids' phones) by installing the spying apps Phonesheriff on them.
A pair of researchers from Toronto's storied Citizen Lab (previously) have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable.
Going back to school isn’t necessarily an option for everyone. Between the time commitments and steep tuition rates, there are obstacles aplenty as far as furthering education is concerned. However, that’s not to say it’s impossible to learn new skills. Excel with Business lets users access thousands of hours of online learning in Microsoft, business, technology, […]
More often than not, you won’t see an accident coming, which means it pays to be proactive and ensure you have the right tools on-hand before you need them. Whether you find yourself in the middle of a power outage or having car trouble at night, you can make sure you’re still capable of navigating […]
Trains may not be the most popular means of conveyance nowadays, but chances are you grew up playing with toy trains or building a model set to wrap around the Christmas tree. In either case, it’s safe to say that locomotives have long carried a unique sense of awe and scale, especially when they’re hundreds […]