The Internet of Things has shown us time and time again that nothing connected to the internet is safe from hackers, and yet we've mostly written off security-camera fueled botnets as someone else's problem.
But what if the thing in question happens to be a boat loaded with weapons?
A group of cybersecurity researchers is having a field day online with the discovery that the configuration of certain ships' satellite antenna systems leaves them wide open to attack — and the possible consequences are startling.
"Next gen boat ransomware?," suggested the security researcher x0rz over Twitter direct message with Mashable. "Military special operations? Somalian pirates 2.0?"
Anyone who gained access to the system in question, and was so inclined, could manually change a ship's GPS coordinates or possibly even brick the boat's navigation system entirely by uploading new firmware. And why would anyone want to do that?
VSATs are common tech on yachts, and allow for internet access and communication even when boats are in movement. Interestingly, at least some boats with one type of VSAT, the SAILOR 900, have public IPv4 addresses without any firewall. And, you guessed it, Shodan makes it possible to search for this type of device.
The recent revelation appears to have kicked off with the creation of a ship-tracking map, credited to Jeff Merrick, which shows the real-time locations of boats around the globe. The map is powered by data from Shodan, a search engine that lets users search for internet-connected devices and, according to x0rz, uses data from boats' very small aperture terminals (VSAT) to pinpoint their locations.
But here's where things get wild: The default login credentials, which are easily found online, remain unchanged on at least some of these devices (we're choosing not to publish those credentials for what we hope are obvious reasons) — allowing anyone to gain administrator-level access. Once in, x0rz confirmed to Mashable, a ship's GPS coordinates can be manually changed. What's more, an attacker could upload their own firmware and possibly brick the entire navigation system in the process.
This isn't the first time someone has called out Cobham, the UK company that manufactures the SAILOR 900, for potentially problematic security vulnerabilities. A 2014 security white paper from IOActive, a cybersecurity research team, dived into the SAILOR 900 and found that the "vulnerabilities in these terminals make attacks that disrupt or spoof information consumed by the on-board navigations systems, such as ECDIS, technically possible, since navigation charts can be updated in real time via satellite."
Post a Comment