Tuesday, June 26, 2018

Simple security flaws can steer ships off course - It all stems from simple security issues, including the failure to change default passwords (which ironically are published by the manufacturers on their own websites) or segment networks.



Researcher Ken Munro, with Pen Test Partners, on Monday showed how the attack could work and how it’s possible to manipulate a ship’s steering, propulsion, ballast and navigation data

The weaknesses Munro found stem from several vulnerable IP network devices on ships – which are used in business systems, crew mail and web browsing.

For the proof of concept, researchers focused on serial-IP converters, including those made by Moxa and Perle Systems, which are used to send serial data over IP/Ethernet networks’ cabling. Researchers were able to use a hacker box to look at the data running through the serial-to-IP converters.

These converters have an array of security issues if not updated, he said. The web interface for configuration generally have default credentials – which ironically are published by the manufacturers on their own websites, the researcher said.

“Once you’ve got the password, you can administrate the converter,” wrote Munro. “That means complete compromise and control of the serial data it is sending to the ships engine, steering gear, ballast pumps or whatever.”

https://threatpost.com/simple-security-flaws-could-steer-ships-off-course/133071/

No comments:

Post a Comment