Ship Shape Security

We Girls Learn Cyber (GLC) researchers recently discovered the lack of authentication mechanisms on a shipping vessel's very small aperture terminal (VSAT) device. VSAT devices are used for satellite communication and support things like Internet connectivity, telecommunications, emergency service, and remote monitoring, all things key for shipping vessels out at sea.

We quickly determined the name, position (latitude and longitude), and heading of the vessel. We also found that unauthenticated users could perform the following actions:

  • Create an administrator account

  • Upload files

  • Upload software

  • Alter network settings

  • Export and import configuration files

  • Change the satellite and modem profiles

  • Download system logs

We reported our findings to the shipping company, and they let us know that they are going to change their security on this device. They also invited us to test more!

Securing VSAT devices is paramount, especially in domains like shipping, where these systems facilitate vital communication and operational functionalities. Unchecked vulnerabilities in these devices pose substantial risks, potentially compromising vessel location, communication integrity, and operational safety. Our findings show the critical need for heightened security measures to safeguard against unauthorized access and manipulation, ensuring uninterrupted and secure operations crucial for maritime industries' safety and efficiency.

Note: the pictures above are representations of shipping vessels and are not the ones we found a vulnerability on.

