Hackers can now drop the ship through the VSAT system – Penetration Testing

Large vessels and aircraft are usually equipped with a VSAT system that allows crew members to send and receive information during the voyage and access the Internet. It turns out that some of these VSAT systems are very insecure and may allow an attacker to gain access and interrupt communications.

Security researcher x0rz found that many VSAT systems can be accessed from the public Internet. This means that hackers can track large ships and aircraft through services such as Shodan, and that long-range attackers can use only default credentials to gain access.

X0rz said that in his hacker experiment, no ship was hurt, “but any malicious hackers can cause significant damage to the vessel, hackers get access to the VSAT phone allows them to view the call records, change the system settings , And even upload new firmware.

Security personnel also pointed out that the VSAT system may be connected to other onboard devices, theoretically, hackers can use the VSAT system into the ship’s internal network, causing more damage. Since these systems are publicly accessible, it is possible to determine the location of the ship and even create a map that can track the vessel in real time.

X0rz identifies a number of vulnerable VSAT systems, all from British manufacturer Cobham and is configured to expose HTTP Web services to the Internet. As pointed out by x0rz, the VSAT system is also popular on airplanes, from small private aircraft to military aircraft and airplanes. Exposure to the VSAT device may also affect the flight safety of the aircraft, allowing the hacker to control the airplane from the bedroom. According to Thane & Thane, Danish shipping company, the VSAT system is used to calibrate the instrument. Any damage will have catastrophic consequences.

The post Hackers can now drop the ship through the VSAT system appeared first on Penetration Testing.

http://ift.tt/2uDtvi7 http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s