<Prev | [Index] | Next>


gabe@gabegold.com
Date: Mon, 30 Oct 2017 00:33:07 -0400

Ah, the high seas. Nothing around you but salt air, water for miles, and web connectivity from satellites. Peace and quiet. But researchers at the security consulting firm IOActive say that software bugs in the platforms ships use to access the Internet could expose data at sea. And these vulnerabilities hint at larger threats to international maritime infrastructure.

A report published Thursday outlines two flaws in the AmosConnect 8 web platform, which ships use to monitor IT and navigation systems while also facilitating messaging, email, and web browsing for crewmembers.
Compromising AmosConnect products, developed by the Inmarsat company Stratos
Global, would expose extensive operational and personal data, and could even undermine other critical systems on a ship meant to be isolated.

It's low-hanging fruit, says Mario Ballano, principal security consultant at
IOActive who conducted the research. ``The software that they're using is often 10 to 15 years old, it was meant to be implemented in an isolated way. So other software in these environments probably suffer from similar vulnerabilities, because the maritime sector originally didn't have connection over the Internet. But now things are changing.''

https://www.wired.com/story/bug-in-popular-maritime-platform-isnt-getting-fixed/


<Prev | [Index] | Next>