Severe vulnerabilities have been discovered in the AmosConnect 8 software used in thousands of ships worldwide. The communications platform is best known for providing ships at sea with narrowband satellite communications, email, fax and interoffice communication. However, security researchers from IOActive revealed two critical issues that could potentially allow attackers to access systems and any stored data.
According to the researchers, flaws in the platform's login form make it vulnerable to blind SQL injection, in which a malicious actor injects data into a form to force an error message that provides certain information about the server.
On AmosConnect 8, an attacker with network access can use the SQL injection to obtain the login credentials of other users. The server apparently stores usernames and passwords in plaintext, which makes them much easier to steal.
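The two weaknesses described above (form input reaching the SQL text, and passwords kept in plaintext) are shown here beside a hardened login check. This is an added example, not AmosConnect code: the SQLite schema, table names, account, iteration count and test string are all constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db() -> sqlite3.Connection:
    """Constructed sample data: one account stored both ways."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_plain (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE users_hashed (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users_plain VALUES (?, ?)", ("alice", "correct-horse"))
    db.execute("INSERT INTO users_hashed VALUES (?, ?, ?)",
               ("alice", salt, kdf("correct-horse", salt)))
    return db

def login_weak(db, name: str, password: str) -> bool:
    # Weak: form fields are pasted into the SQL text, so a quote in the
    # input becomes part of the statement, and the password is compared
    # against a plaintext column.
    sql = (f"SELECT 1 FROM users_plain "
           f"WHERE name = '{name}' AND password = '{password}'")
    return db.execute(sql).fetchone() is not None

def login_hardened(db, name: str, password: str) -> bool:
    # Hardened: placeholders keep input as data; only a salted hash is stored.
    row = db.execute("SELECT salt, pw_hash FROM users_hashed WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        kdf(password, b"\x00" * 16)  # do the same work for unknown users
        return False
    salt, stored = row
    return hmac.compare_digest(kdf(password, salt), stored)

# Constructed regression input: a quote-bearing string a login form must treat as data.
QUOTE_PROBE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_weak, login_hardened):
        print(fn.__name__, fn(db, "alice", "correct-horse"), fn(db, "alice", QUOTE_PROBE))
```

The weak check accepts the quote-bearing string because it changes the query's logic, while the hardened check rejects it and leaves nothing readable in the credentials table beyond a salt and a hash.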
The platform also has a built-in backdoor that grants full system privileges, allowing an attacker to execute arbitrary code on the server remotely. Any data stored on this server could potentially be exposed, and attackers could also leverage that access to enter any connected networks. This is particularly sensitive since international shipping companies deal with confidential customer data and private transportation information.
Attacks on the shipping industry have been steadily making headlines as hackers experiment with different ways to make a profit. There are reports of hacker-pirates snooping on the shipping schedule of certain goods to find the most valuable vessel to hijack.
News sources say that Inmarsat, the makers of AmosConnect, have already addressed the security issues and issued a patch for the vulnerability. The company has discontinued version 8.0 and advised customers to roll back to the earlier AmosConnect 7.0 instead.
Like many other industries, shipping companies are transitioning and adopting more modern features. In this situation, the custom software they use needs to be designed with security in mind, especially with the rising number of cyber threats. Companies should also keep their systems updated and patched to protect them against known and widespread threats.