Security researcher x0rz found that many VSAT systems can be accessed from the public Internet. This means that hackers can track large ships and aircraft through services such as Shodan, and that long-range attackers can use only default credentials to gain access.
X0rz said that in his hacker experiment, no ship was hurt, “but any malicious hackers can cause significant damage to the vessel, hackers get access to the VSAT phone allows them to view the call records, change the system settings , And even upload new firmware.
Security personnel also pointed out that the VSAT system may be connected to other onboard devices, theoretically, hackers can use the VSAT system into the ship’s internal network, causing more damage. Since these systems are publicly accessible, it is possible to determine the location of the ship and even create a map that can track the vessel in real time.
X0rz identifies a number of vulnerable VSAT systems, all from British manufacturer Cobham and is configured to expose HTTP Web services to the Internet. As pointed out by x0rz, the VSAT system is also popular on airplanes, from small private aircraft to military aircraft and airplanes. Exposure to the VSAT device may also affect the flight safety of the aircraft, allowing the hacker to control the airplane from the bedroom. According to Thane & Thane, Danish shipping company, the VSAT system is used to calibrate the instrument. Any damage will have catastrophic consequences.
The post Hackers can now drop the ship through the VSAT system appeared first on Penetration Testing.