Previously it was reported that hackers can take over ships by exploiting critical vulnerabilities in VSAT communication system. Now, security consulting firm IOActive’s researchers have discovered that there are several vulnerabilities present in the platforms used by seaborne ships to access the internet. The bugs in the software can leak data from the sea and also can cause larger threats to the global maritime infrastructure.
In its report, IOActive explained about the two identified flaws in the AmosConnect 8 web platform, developed by Stratos Global to work in combination with satellite equipment. This particular platform is used by ships to track IT and navigation systems as well as to facilitate messaging, web browsing and emailing for on-board crew members.
The flaws are not readily accessible but can allow in-depth access to the systems of the ship. The attacker can easily get access to ship’s network using a compromised mobile device that is present on the ship or maybe the function could be performed by an infected USB drive that might be brought onboard to exchange data with ports or attackers can get physical access too.
The first of the two flaws are identified in the login form of the platform where a blind SQL Injection vulnerability is present; it lets the attacker access the database where software’s credentials are stored and obtain sensitive data like username and password. It is worth noting that AmosConnect 8 saves the credentials in pairs and in plaintext format, which means that attacker may not even need to crack encryption scheme to get desired data.
“The server stores usernames and passwords in plaintext, making this vulnerability trivial to exploit.The parameter data is vulnerable to Blind SQL Injection, enabling data retrieval from the backend SQLite database using time-based attacks,” read IOActive’s blog post.
The second flaw identified by IOActive researchers is that the server contains a built-in backdoor account that offers full system privileges. This particular flaw would let attackers execute commands while enjoying system privileges on the remote system through merely compromising Task Manager of AmosConnect.
If AmosConnecy products are compromised, it would be devastating for maritime institutions because extensive operational data would be exposed while other critical systems will be undermined. Ultimately the vulnerabilities will help an attacker in completely hijacking a communications server.
Maritime Platform Vulnerability Allows Hijacking of Communication Server and Exposure of Sensitive Data.
“All in all, these vulnerabilities pose a serious security risk. Attackers might be able to obtain corporate data, take over the server to mount further attacks or pivot within the vessel networks.”
IOActive’s principal security consultant Mario Ballano referred to the flaws as “low-hanging fruit” because the software used by the ships nowadays is around 10 to 15 years old. Ballano noted that the software was developed to be implemented in an isolated manner, therefore, other software used in this sort of environment tend to become vulnerable and exploitable given that maritime sector never originally had internet connectivity.