An audit of Inmarsat's AmosConnect 8 (originally sold by Stratos Global, now an Inmarsat division) reveals that the ship-to-satellite internet product has a deliberate hidden backdoor -- and an accidental SQL code-injection vulnerability -- that allows anyone in the world to take over all, interrupt, and/or spy on the internet access on many of the world's largest ships and oil rigs.
Amosconnect 8 reached its end-of-life in June 2017, and will no longer receive any patches, meaning these vulnerabilities will remain intact until all affected systems are replaced, which is to say, indefinitely.
The function that grants backdoor access is called "authenticateBackdoorUser."
Apparently, internet communications packages are isolated from internal ship networks that control steering, navigation and propulsion. However, access to the ship's internet would be a boon to pirates and state actors wishing to monitor ships' communications and learn about cargoes, destinations, and locations.
"Essentially anyone interested in sensitive company information or looking to attack a vessel's IT infrastructure could take advantage of these flaws," Ballano said. "This leaves crew member and company data extremely vulnerable, and could present risks to the safety of the entire vessel. Maritime cyber security must be taken seriously as our global logistics supply chain relies on it and as cyber criminals increasingly find new methods of attack."
Backdoor Account Found in Popular Ship Satellite Communications System
[Catalin Cimpanu/Bleeping Computer]
Hackers working for China’s government targeted firms working on coronavirus vaccines, and stole hundreds of millions of dollars worth of intellectual property and trade secrets, claims the Justice Department in a statement Tuesday announcing criminal charges.
This is quite a major hack. Now is a good time to change your Twitter password, if you are a user. Hackers pumping a cryptocurrency giveaway scam appear to have compromised the Twitter accounts of leading exchanges, prominent individuals, major corporations, and at least one news organization.
The mobile phones of a number of politicians in Spain, including the president of Catalonia’s parliament, were recently hacked. The government of Spain has been an NSO customer since 2015, reports Motherboard on Tuesday. NSO Group is an Israeli company that sells surveillance and hacking tools to governments around the world.
We get it. You don’t have to go to the office anymore. That’s no excuse for letting your grooming go positively feral. We’re not saying you need to be GQ cover model-ready every Monday through Friday. But at least put in some effort to keep yourself relatively trimmed, clean, and on point. Even if you […]
With everybody cooped up inside right now, it’s no surprise that many houses are starting to get a little bit…well, funky. Yeah…they smell. With everybody running around and sweating and working and cooking and everything else, odors get trapped inside your home. And don’t even get us started on what happens when litter boxes and […]
If you’re a big fan of ink, but not such a big fan of the forever side to tattoo body art or the pain, the Prinker S Temporary Tattoo Printer might just be your favorite creation of the century. Winner of 2020 Red Dot and If Design awards, the Prinker S is kind of like […]