An audit of Inmarsat's AmosConnect 8 (originally sold by Stratos Global, now an Inmarsat division) reveals that the ship-to-satellite internet product has a deliberate hidden backdoor -- and an accidental SQL code-injection vulnerability -- that allows anyone in the world to take over all, interrupt, and/or spy on the internet access on many of the world's largest ships and oil rigs.
Amosconnect 8 reached its end-of-life in June 2017, and will no longer receive any patches, meaning these vulnerabilities will remain intact until all affected systems are replaced, which is to say, indefinitely.
The function that grants backdoor access is called "authenticateBackdoorUser."
Apparently, internet communications packages are isolated from internal ship networks that control steering, navigation and propulsion. However, access to the ship's internet would be a boon to pirates and state actors wishing to monitor ships' communications and learn about cargoes, destinations, and locations.
"Essentially anyone interested in sensitive company information or looking to attack a vessel's IT infrastructure could take advantage of these flaws," Ballano said. "This leaves crew member and company data extremely vulnerable, and could present risks to the safety of the entire vessel. Maritime cyber security must be taken seriously as our global logistics supply chain relies on it and as cyber criminals increasingly find new methods of attack."
Backdoor Account Found in Popular Ship Satellite Communications System
[Catalin Cimpanu/Bleeping Computer]
Nuuo is a leading vendor of "trusted video management" tools used in conjunction with CCTVs deployed in sensitive applications like surveillance of "transport, banking, government, and residential areas."
“Hiding behind fake profiles, a group linked to Pyongyang solicited technology work to send hard currency back home.”
In Deposition of respiratory virus pathogens on frequently touched surfaces at airports, published in BMC Infectious Diseases, a University of Nottingham team reveal that the airport security trays they swabbed in the Helsinki airport contained more infectious agents than the airport's toilets.
Sipping on whiskey is already a sophisticated experience, but that doesn’t mean you can’t kick it up a notch. A perfect addition to your desk or home bar, the Eravino Whiskey Globe Decanter features a beautifully etched map on the surface and an eye-catching glass ship inside, bringing an entirely new level of class to […]
Gone are the days when you needed to pore over a 400-page physics textbook to learn about weight ratios, aerodynamics, and all of those other STEM concepts that let us take to the skies. Thanks to Force Flyers’ DIY Building Block Drones, you can foster your STEM knowledge as you build and fly your own functional […]
As more companies leverage cloud technology to unite and streamline their operations, the need for capable IT pros increases. But, as any IT guru will tell you, demand alone won’t get your foot in the door to this lucrative field. If you want to cash in on the demand and build a thriving IT career, […]