At a convention in Athens, Greece, Munro detailed some of the appalling security lapses Pen Test Partners found while investigating naval ships that had equipment exposed online.
His study focused on using basic tools, known to security researchers and threat actors alike.
Just by using Shodan, a search engine that indexes anything connected to the Internet, Munro found ship equipment all over the world, but sadly, not all of it was correctly configured.
Among the most sensitive equipment he found were satellite antennas positioned on ships to provide around-the-clock radio, Internet, GSM, and other communications.
One such model was the Cobham Sailor 900, for which there is a known exploit that makes hacking it child’s play for any knowledgeable attacker.
In many cases, the exploit wouldn’t even be required, as the equipment used the same default password admin/1234, as both Munro and French security researcher X0rz have pointed out.
The bad news is that these antennas aren’t only located on ships, but also on helicopters and airplanes. In addition, you won’t only see these antennas on container and passenger ships, but also on navy and private security boats.
Some things failed harder than others
Other equipment that Munro found incorrectly configured and exposed online includes Globe Wireless satellite antennas and KVH CommBox private network terminals.
Both handled logins via HTTP, but the worse of the two was CommBox, which also leaked the vessel’s name on the login page, and even had a switch that listed all active users, giving an attacker access to the names of all of the ship’s crew.
Furthermore, an intruder could get in-depth details of the private system just by hovering the mouse over some elements on the login page. Such items should have been located behind the login page, and not on it.
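An added example (not from the article or from Pen Test Partners): a Python check an operator could run over saved copies of their own terminals' login pages to flag the exposures described above, namely a login form on plain HTTP, a user list shown before login, and owner-supplied sensitive strings appearing in page or hover text. The names `LoginPageAudit`, `audit_login_page` and `sensitive_terms`, and the sample HTML, are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LoginPageAudit(HTMLParser):
    """Collects what a login page reveals to a visitor who has not logged in."""
    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.exposed_text = []   # visible text plus hover (title attribute) text
        self.listed_users = []   # <option> entries, e.g. a pre-login user picker
        self._in_option = False
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True
        if attrs.get("title"):
            self.exposed_text.append(attrs["title"])
        self._in_option = (tag == "option")
    def handle_endtag(self, tag):
        if tag == "option":
            self._in_option = False
    def handle_data(self, data):
        if data.strip():
            self.exposed_text.append(data.strip())
            if self._in_option:
                self.listed_users.append(data.strip())

def audit_login_page(url, html, sensitive_terms):
    """Return findings for one saved login page of a terminal you operate."""
    page = LoginPageAudit()
    page.feed(html)
    page.close()
    if not page.has_password_field:
        return []  # not a login page, nothing to report
    findings = []
    if urlparse(url).scheme != "https":
        findings.append("login form served over plain HTTP")
    if page.listed_users:
        findings.append(f"{len(page.listed_users)} account names listed before login")
    blob = " ".join(page.exposed_text).lower()
    findings += [f"visible before login: {t}" for t in sensitive_terms if t.lower() in blob]
    return findings

# Constructed sample page (not taken from any real device).
SAMPLE = """<html><head><title>MV EXAMPLE - Terminal Login</title></head><body>
<form method="post" action="/login">
<select name="user"><option>crew.one</option><option>crew.two</option></select>
<input type="password" name="pw"><span title="LAN 192.0.2.10">Status</span>
</form></body></html>"""
```

The `sensitive_terms` list is whatever the owner considers internal (vessel name, addresses, crew account names); anything it matches belongs behind the login page.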
There have been no recorded incidents of ship satcom hacking until now, but this is only a matter of time.
So far, some obscure malware authors didn’t realize what they were doing and ended up installing remote access trojans on some satcom systems.