PureBlue Blog

Built-In Software Backdoor Makes Thousands of Maritime Vessels Vulnerable to Cyberattack

August 1, 2018
Photo by Martin Damboldt from Pexels
By K.C. Compton

Researchers have unveiled a new analysis of AmosConnect 8.0, a communications software used by thousands of maritime ships worldwide. The software’s shipboard platform provides narrowband satellite communications, email, fax, interoffice communication and more for those at sea. As the IOActive security researchers have discovered, the platform also provides a pathway to hack critical information and a backdoor that crooks can leverage to gain unauthorized network access to sensitive information stored in the AmosConnect server.

This is not a trivial flaw. As ZDNet reports, international shipping firms and services frequently deal with confidential data about their customers, as well as information where valuable packages might be found, which makes their data a luscious target for threat actors.

Take, for instance, the global shipping company that was tackling a most unusual case of cyber attackers boarding vessels, locating specific sought-after crates containing valuables and steal the content of only that crate—very odd pirate behavior. According to the Verizon Data Breach Digest, sleuth work by a security team the company contracted discovered that the pirates had compromised its networks through a vulnerability in the ship’s content management system (CMS). The thieves went in through the backdoor (a software flaw that malicious actors can breach and gain access to a computer and whatever network it’s connected with) and downloaded cargo reports.

Armed with the detailed cargo reports, the pirates were able to target the most valuable crates, swoop in and carry those off and sail into the sunset with their shipping containers full of the 21st century version of pirate booty.

The pirates weren’t even hacking experts, the Verizon team discovered. They used straight HTTP rather than SSL encryption.  The pirates’ lack of sophistication ultimately led the security team to track them directly back to their home systems because they didn’t know to use a proxy server.

The important takeaway in this story, however, isn’t how dumb the pirates were, but how easy it was for them to breach a complicated system with very little knowledge or skill. That’s how backdoors work and why basic security protections are beyond important. This is not the first instance of such a vulnerability. As previously reported by ZDNetresearchers from Pen Test Partners recently found similar issues in industrial control systems from other major brands including Telenor and Cobham.

With the AmosConnect software, the lapse is serious because once attackers got into the system—which the security experts said was ridiculously easy—the usernames and passwords were stored in plaintext, making the bad guys’ job easy as pie.

And what’s worse, Mario Ballano, IOActive principal security consultant, said is that anyone looking for sensitive company information could take advantage of these flaws and get confidential information on all crew members and company data.

“Maritime cybersecurity must be taken seriously, as our global logistics supply chain relies on it and as cybercriminals increasingly find new methods of attack,” Ballano said.









Did you enjoy this article? If so, sign-up for more water innovation updates via our bi-monthly newsletter Ripples.
Sign-up for ripples
Contact PureBlue