Attackers could fully compromise shipping comms server via backdoor
Attackers could fully compromise shipping comms server via backdoor

Several  vulnerabilities have been found in satellite communications devices used in shipping that could allow pre-authenticated attackers to fully compromise a communications server.

According to a blog post by IOActive, the flaws are found in AmosConnect 8, a platform designed to work in a maritime environment in conjunction with satellite equipment. The platform provides ships with such services as email, messaging, position reporting, intern for crew, automatic file transfer, and application integration.

Researchers said that a blind SQL Injection vulnerability is present in the login form, allowing unauthenticated attackers to gain access to credentials stored in its internal database.

“The server stores usernames and passwords in plaintext, making this vulnerability trivial to exploit,” said researchers. “The parameter data [MailUser][emailAddress] is vulnerable to Blind SQL Injection, enabling data retrieval from the backend SQLite database using time-based attacks.”

Researchers said that hackers could successfully exploit this vulnerability and can retrieve credentials to log into the service by executing a number of queries.

Also discovered by researchers in the AmosConnect server was a built-in backdoor account with full system privileges. They said that this flaw allows attackers to execute commands with system privileges on the remote system by abusing AmosConnect Task Manager.

Users accessing the AmosConnect server see a login screen which reveals the Post Office ID, this ID identifies the AmosConnect server and is tied to the software licence. Researchers found a function in the source code called "authenticateBackdoorUser".

The password for the backdoor is derived from the Post Office ID and a hacker could deduce the password from examining the source code and reverse engineering the backdoor function.

Researchers said that while the flaws may only be exploited by an attacker with access to the IT systems network, it's important to note that within certain vessel configurations some networks might not be segmented, or AmosConnect might be exposed to one or more of these networks.

“A typical scenario would make AmosConnect available to both the BYOD “guest” and IT networks; one can easily see how these vulnerabilities could be exploited by a local attacker to pivot from the guest network to the IT network. Also, some the vulnerabilities uncovered during our SATCOM research might enable attackers to access these systems via the satellite link,” said researchers.

“All in all, these vulnerabilities pose a serious security risk. Attackers might be able to obtain corporate data, take over the server to mount further attacks, or pivot within the vessel networks.”

In a statement, Inmarsat, the firm behind AmosConnect 8, said that it had discontinued availability and support of AmosConnect 8 back in June. Inmarsat said customers could use AmosConnect 7 instead.

Inmarsat added that when the flaws was brought to its attention by IOActive earlier in the year, it issued a security patch that was applied to AC8 to “greatly reduce the risk potentially posed”.

“Inmarsat's central server no longer accepts connections from AmosConnect 8 email clients, so customers cannot use this software even if they wished too,” it said in a statement.

It added that the vulnerability would have been very difficult to exploit as it would require direct access to the shipboard PC that ran the AC8 email client.  “This could only be done by direct physical access to the PC, which would require an intruder to gain access to the ship and then to the computer.  While remote access was deemed to be a remote possibility as this would have been blocked by Inmarsat's shoreside firewalls,” the company said in a statement.

Thomas Fischer, global security advocate at Digital Guardian, told SC Media UK that on board a ship, physically upgrading, patching or replacing vulnerable devices or software can be a very complex endeavour, as not only do you need time to replace or upgrade each device but you also need to either travel to the ship, or coordinate a small window of opportunity when the ship is docked.

“It's also essential that any changes to the on-board equipment work first time and do not introduce any down-time, as they may be vital to the operation of the ship or safety of the crew,” he said.

“In general, maritime organisations need to look at what infrastructure they have, how secure it is, and separate all critical infrastructure from insecure networks. A key factor in improving the security profile of ships will be to work with vendors to find ways to update or replace older IT equipment. And, they also need a plan that allows them to carry out these updates when ships are docked."