Posted on October 27, 2017 at 1:59 PM
A group of researchers recently discovered several vulnerabilities in the software employed by thousands of maritime ships across the world.
Earlier this week, a group of researchers from IOActive revealed their analysis of the popular AmosConnect 8.0. The report revealed two severe security vulnerabilities which would allow hackers easy access to a ship’s system and sensitive information.
AmosConnect was created by Stratos Global, an Inmarsat company. Essentially, the AmosConnect system enables all communication on any ship that uses the network. The software provides shipboard narrowband satellite communication services, including fax, email, and interoffice communication, for all vessels at sea.
Global shipping firms and corporations frequently handle sensitive client information when shipping goods across the world. Ships also frequently carry valuable loads, making them lucrative targets for hackers.
There have been previous incidents of hackers targeting ships with valuable loads. Hackers infiltrated the ships’ navigational systems to keep track of the ships’ whereabouts and steal their goods. These incidents have proved that shipping security is of the utmost importance.
However, according to IOActive’s report, AmosConnect failed to sufficiently address security concerns.
According to the researchers from IOActive, there was a severe vulnerability in the software’s login forms. Specifically, a blind SQL injection bug allowed hackers to view credentials that were saved on the internal network database.
IOActive researchers have confirmed that exploiting this flaw did not require any skill.
In addition, the researchers also found a backdoor. According to the report, the AmosConnect server includes a feature with a built-in backdoor that has certain privileges. By exploiting this backdoor, hackers would gain all system and administrator privileges, which would allow them to run unauthorized code on the system.
Researchers have confirmed that once this flaw has been exploited, hackers can easily gain access to all information and data stored within the AmosConnect server. This could also possibly allow access to other connected systems.
The research investigation was conducted based on the previous findings by an IOActive researcher, Ruben Santamarta. In September 2016, Santamarta discovered that he could gain full administrator privileges using the AmosConnect 8.4.0 software, as well as being able to infiltrate all the data stored within the network.
According to IOActive principal security consultant, Mario Ballano, these flaws were easily exploitable to such an extent that any hacker with moderate computer skills could easily gain access to a ship’s IT infrastructure. Ballano continued to say that these flaws made all vessels and their crew extremely vulnerable to attack. He also emphasized that vessels’ cybersecurity must be taken more seriously to address and prevent future attacks.
The team of researchers from IOActive notified Inmarsat of the vulnerabilities soon after their discovery. Since being notified, Inmarsat has disconnected AmosConnect 8.0. The company has advised affected users to switch back to an earlier version, or to implement an email-based system instead.
Similar vulnerabilities were previously discovered in different industries. A group of Pen Test Partners researchers discovered similar flaws in communications control systems in the industrial sector, which affected large firms such as Telenor and Cobham.
In most cases, login credentials were very easy to crack, and in specific cases cryptographic protocols such as Transport Layer Security (TLS) were not present.
According to one of the firm’s security researchers, Ken Munro, the slack security measures were unacceptable. Considering that businesses of this scale are vitally important to the economic system, Munro’s criticism should be taken to heart.
Since the discovery of the flaws, an Inmarsat spokesperson has confirmed that they would retire AmosConnect 8 and that all their clients were informed that AmosConnect would no longer be active as of July 2017.
The Inmarsat spokesperson confirmed that since the flaws were brought to their attention, they did release a patch which would reduce the threat in AmosConnect 8.0. However, they have since decided to retire the product, and the software is no longer available for purchase and download on their website.
In addition, Inmarsat has ensured that its central server will not accept any connections from AmosConnect 8 email users.