Satellite communication systems have changed the way passengers and ship crews communicate, making it easy to exchange messages and allowing access to the Internet even in the most remote places. Until recently, it was imagined that the distance and isolation of these vessels would represent a security barrier against cyber attacks. However, new threats exploit vulnerabilities present in this form of communication, exposing whole fleets to the same risks faced by companies on land.

IOActive researchers unveiled two vulnerabilities in the AmosConnect 8 system — a communication platform used by ships developed by Stratos Global to, in conjunction with satellite systems, “facilitate exchange of messages, internet browsing and e-mailing “. These vulnerabilities, according to the study, would allow access to internal systems of offshore vessels.

Researchers have discovered that the system has its credentials (usernames and passwords) in clear text, saved in a SQLite database, and that the system login form would be vulnerable to SQL Injection attacks. By exploiting this vulnerability, the attacker would be able to recover credentials.

In addition to this vulnerability, the team found a built-in backdoor on the server with full system privileges: “This particular vulnerability allows attackers to use all the features of AmosConnect’s Task Manager.”

Although critical — because they enable access to other ship systems, get corporate data, or even take control of other networks — the vulnerabilities are not trivial to exploit, researchers said.

To exploit them, a hypothetical attacker would have to use a compromised mobile device or an infected USB drive attached to the ship’s network, limiting, for example, remote attacks.

However, another threat recently discovered has this functionality.

In July, an independent researcher (identified as “x0rz”) posted on Twitter that communication systems installed on ships are vulnerable to attacks due to faulty configurations in some satellite antenna systems installed on them.

Using the Shodan device search engine, the researcher stated that he was able to trace, with great precision, the location of vessels using the VSAT satellite communication system — acronym for “Very Small Aperture Terminal”. After obtaining this information, he was able to access these systems “using login data available on the internet”.

The researcher estimates that, in a hypothetical attack, it would be possible to obtain logs from phone calls made through these antennas, install malicious firmware files and modify system settings. More serious, however, is the fact that, once accessing the VSAT, the alleged attacker could use the system as a gateway to access the vessel’s internal network.

A Reuters article, published on 7h August, states that the risks of cyber attacks against satellite navigation systems are leading to a search for backup solutions based on radio systems. “Unlike airplanes, ships do not have a solution to replace satellite navigation systems and, if they fail, vessels are at risk of running aground or colliding with other ships.”

Among examples of initiatives to reduce the risks and threats of cyberattacks against vessels, the article cites a system called eLoran, an evolution of LORAN — LOng RAnge Navigation, a terrestrial radionavigation system based on the use of co-ordinated radioelectric pulse emissions — developed by Korea with the United States. Russia and the UK would also be actively working on developing versions of the technology.

Attacks on ships’ navigation systems can have serious consequences for the global economy.

Figures from the International Shipping Chamber (ICS) — the main trade association of the shipping industry — give a measure of these consequences. According to the organization, currently 90% of the world’s commerce circulates in ships, in a fleet composed of “50 thousand merchant ships (…) registered in more than 150 countries and with a crew of more than one million sailors”.

.   .   .