An audit of Inmarsat's AmosConnect 8 (originally sold by Stratos Global, now an Inmarsat division) reveals that the ship-to-satellite internet product has a deliberate hidden backdoor -- and an accidental SQL code-injection vulnerability -- that allows anyone in the world to take over, interrupt, and/or spy on the internet access on many of the world's largest ships and oil rigs.
AmosConnect 8 reached its end-of-life in June 2017 and will no longer receive any patches, meaning these vulnerabilities will remain intact until all affected systems are replaced, which is to say, indefinitely.
The function that grants backdoor access is called "authenticateBackdoorUser."
Apparently, internet communications packages are isolated from internal ship networks that control steering, navigation and propulsion. However, access to the ship's internet would be a boon to pirates and state actors wishing to monitor ships' communications and learn about cargoes, destinations, and locations.
"Essentially anyone interested in sensitive company information or looking to attack a vessel's IT infrastructure could take advantage of these flaws," Ballano said. "This leaves crew member and company data extremely vulnerable, and could present risks to the safety of the entire vessel. Maritime cyber security must be taken seriously as our global logistics supply chain relies on it and as cyber criminals increasingly find new methods of attack."
Backdoor Account Found in Popular Ship Satellite Communications System
[Catalin Cimpanu/Bleeping Computer]