Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/26/2017
05:50 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Inmarsat Disputes IOActive Reports of Critical Flaws in Ship SATCOM

Satellite communications provider says security firm's narrative about vulnerabilities in its AmosConnect 8 shipboard email service is overblown.

Two critical flaws in a shipboard satellite communication platform from British SATCOM firm Inmarsat allow threat actors to take control of the system and potentially attack other networks on a ship, IOActive warned in a disputed report Thursday.

The vulnerabilities exist in Inmarsat's AmosConnect 8 (AC8) shipboard email client service and cannot be fixed since the company has discontinued support for the platform, IOActive said in an advisory Oct. 26.

"The vulnerabilities pose a serious security risk," IOActive said in the advisory. "Attackers might be able to obtain corporate data, take over the server to mount further attacks, or pivot within the vessel networks."

Inmarsat itself described the report as over-the-top and incorrect. "The story that IOActive have been putting out is very misleading," a spokesman for the company told Dark Reading. "The service their report focused on is no longer available and cannot be accessed by customers. The theoretical threat they identified would have been very hard to achieve," he claimed.

Inmarast's AC8 platform is a satellite communication system that enables services such as email, instant messaging, and Internet services for crewmembers onboard a ship at sea.

IOActive said it found a Blind SQL injection vulnerability and a backdoor account on AC8 that gives attackers a way to gain complete control of the server. The SQL injection error is present in the login form for the platform and would give attackers access to usernames and passwords stored in plaintext on the underlying server. The second vulnerability involves a backdoor account with full system privileges on the AmosConnect server that an attacker can access via a task manager tool using a hardcoded password in the system.

The vulnerabilities that IOActive discovered are not directly exploitable over the Internet. An attacker would require access to a ship's IT networks to take advantage of the vulnerabilities. But attackers who do gain access to the network could use the vulnerabilities to take control of the platform and use it to potentially hop on to other ship networks.

"There are several ways in which an attacker might be able to get access to that network and that highly depends on the architecture of the vessel," says Mario Ballano, principal security consultant at IOActive and the author of the report issued today. "But typical ways might include WiFi cracking, via malware on BYOD devices, via malware on USB memory sticks, via other vulnerabilities in satellite equipment," and other ways, he notes.

Typically, the different networks on a ship, such as the navigation systems network, industrial control systems network, IT network, and SATCOM network are segmented from each other. But sometimes they are not and AmosConnect could be exposed to another ship network thereby putting that at risk as well.

But according to Inmarsat, AC8 is no longer in service. The company said it had begun to retire the platform even prior to IOActive's report and had in fact informed customers the service would be terminated this July. "Inmarsat’s central server no longer accepts connections from AmosConnect 8 email clients, so customers cannot use this software even if they wished to," the company claimed.

Inmarsat said that when IOActive informed it of the vulnerabilities in early 2017, the company issued a security patch even though the product was nearing end of life. IOActive meanwhile says it found the vulnerabilities in Sep. 2016 and sent a vulnerability report to Inmarsat last October. The company claims that Inmarsat acknowledged the issues last November itself.

According to Inmarsat, the vulnerabilities that IOActive disclosed would also have been very difficult to exploit since they require direct access to a shipboard PC running the AC8 email client. "To exploit the flaws an intruder would first need to gain access to the ship and then to the computer. Remote access, while a remote possibility, would have been blocked by Inmarsat's shoreside firewalls, the company claimed.

Related content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
APT Groups Set Sights on Linux Targets: Inside the Trend
Kelly Sheridan, Staff Editor, Dark Reading,  9/11/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9739
PUBLISHED: 2020-09-18
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exp...
CVE-2020-9744
PUBLISHED: 2020-09-18
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exp...
CVE-2020-9745
PUBLISHED: 2020-09-18
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exp...
CVE-2020-0089
PUBLISHED: 2020-09-18
In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603
CVE-2020-0262
PUBLISHED: 2020-09-18
In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156353008