If there’s anything worse than container security, it would appear to be container ship security.
Ken Munro, a researcher for UK-based Pen Test Partners, has been exploring maritime satellite communication systems used to keep ships connected while at sea. His findings don’t inspire much confidence. Munro, in a blog post today recounting his research, describes ships as floating industrial control systems that were traditionally isolated but are now always connected to the internet.
Industrial control systems (ICS), which evolved without much thought for network-based attacks, have struggled for decades to adapt to the constant state of siege on the internet.
Munro believes the security of ship IT systems is worse still. “Personally, I think ship security is behind broader ICS security,” he said. “The change is as a result of these satcom terminals being online all the time. In the past, just like ICS, ship systems were isolated from the internet.”
Munro said there have been plenty of ship security incidents reported. “One that springs to mind is a mobile drilling platform off the coast of Africa that developed a tilt and had to be evacuated,” he said. “On investigation, the control system had been ‘hacked’. I use the quotes as I suspect it was simply missing or default creds and an exposed control system GUI.”
Using Shodan.io, a search engine for finding devices on the internet, Munro looked for several popular brands of maritime satcom systems, including Cobham, Inmarsat, and Telenor kit, along with older brands that had been acquired, on the assumption they’d be running outdated firmware.
Source: The Register