The Secret Confessions: Tubong Lugaw Episode 47Internet of Things has shown us time and time again that nothing connected to the internet is safe from hackers, and yet we've mostly written off security-camera fueled botnets as someone else's problem.
But what if the thing in question happens to be a boat loaded with weapons?
SEE ALSO: Herman Miller unveils a cloud-connected desk because that's the world we live inA group of cybersecurity researchers is having a field day online with the discovery that the configuration of certain ships' satellite antenna systems leaves them wide open to attack — and the possible consequences are startling.
Anyone who gained access to the system in question, and was so inclined, could manually change a ship's GPS coordinates or possibly even brick the boat's navigation system entirely by uploading new firmware. And why would anyone want to do that?
"Next gen boat ransomware?," suggested the security researcher x0rz over Twitter direct message with Mashable. "Military special operations? Somalian pirates 2.0?"
This Tweet is currently unavailable. It might be loading or has been removed.
The recent revelation appears to have kicked off with the creation of a ship-tracking map, credited to Jeff Merrick, which shows the real-time locations of boats around the globe. The map is powered by data from Shodan, a search engine that lets users search for internet-connected devices and, according to x0rz, uses data from boats' very small aperture terminals (VSAT) to pinpoint their locations.
VSATs are common tech on yachts, and allow for internet access and communication even when boats are in movement. Interestingly, at least some boats with one type of VSAT, the SAILOR 900, have public IPv4 addresses without any firewall. And, you guessed it, Shodan makes it possible to search for this type of device.
Once located, data about the boat — such as its location — is readily available.
Original image has been replaced. Credit: Mashable But here's where things get wild: The default login credentials, which are easily found online, remain unchanged on at least some of these devices (we're choosing not to publish those credentials for what we hope are obvious reasons) — allowing anyone to gain administrator-level access. Once in, x0rz confirmed to Mashable,a ship's GPS coordinates can be manually changed. What's more, an attacker could upload their own firmware and possibly brick the entire navigation system in the process.
"It's just badly configured," explained x0rz, "but just like as the rest of the Internet (banking, energy, corporate, ...)."
This Tweet is currently unavailable. It might be loading or has been removed.
With just a little googling, a person can determine a bit more about the vessel in question — like, for example, that it contains a "secure, sealed, climate-controlled armoury."
This Tweet is currently unavailable. It might be loading or has been removed.
This isn't the first time someone has called out Cobham, the UK company that manufactures the SAILOR 900, for potentially problematic security vulnerabilities. A 2014 security white paper from IOActive, a cybersecurity research team, dived into the SAILOR 900 and found that the "vulnerabilities in these terminals make attacks that disrupt or spoof information consumed by the on-board navigations systems, such as ECDIS, technically possible, since navigation charts can be updated in real time via satellite."
This Tweet is currently unavailable. It might be loading or has been removed.
So what does Cobham have to say about all of this? Pretty much what you'd expect.
"Our terminals, as is customary with most communications hardware, are delivered with default administrative credentials such as passwords which we strongly advise VSAT users change during technology installation and frequently afterwards in accordance with general password-best-practice processes," a company spokesperson told Mashablevia email. "We emphasize this in our training and throughout our installations manuals."
The spokesperson also noted that they could "quickly reset the password and regain control of the terminal in the instance of passwords being compromised, as was the case in this instance.”
Like so many things, the answer to whether or not we should be concerned about ships being hacked is: it depends. Importantly, x0rz pointed out that the number of boats easily accessible in the above-described manner is limited. However, he also noted that "one is enough to cause a catastrophic event, right?"
And if the boat in question is carrying hazardous material, weapons, or happens to be something other than a pleasure yacht? Well, then we may suddenly find ourselves taking these kind of vulnerabilities a lot more seriously.
This story has been updated to include a statement from Cobham.
Topics Cybersecurity
Analyzing Graphics Card Pricing: October 2018
Samsung's next big Unpacked event is officially on July 10
Webb telescope stares at our galactic neighbor, sees spectacular view
India's moon lander lifts and lands a second time with hop demo
Stop Preordering Video Games
Google Translate has learned 110 new languages with the help of AI
Chinese sports tech firm Keep cuts workforce by 10
Webb telescope stares at our galactic neighbor, sees spectacular view
How to Reboot and Reset Android Devices
'The Bear' Season 3: A guide to the new guest stars
NYT Strands hints, answers for April 23
NASA UAP press conference today: How to watch live
Georgia vs. Portugal 2024 livestream: Watch Euro 2024 for free
Webb telescope just made tantalizing find on ocean world Europa
Dyson V8 Plus cordless vacuum: $120 off at Amazon
NASA's asteroid sample is about to plunge 63K miles to Earth
M.I.A sells literal 'tin foil hat' to supposedly block 5G waves
M.I.A sells literal 'tin foil hat' to supposedly block 5G waves
Best grocery deal: Spend $20 and get $5 off at Amazon
Las Vegas Aces vs. Chicago Sky 2024 livestream: Watch WNBA for free
White Supremacy and the Dangerous Discourse of Liberal ToleranceStaff Picks: Tattoos, Death Grips, and Love LettersRedux: Jamaica Kincaid, James Salter, Robert BlyThe Epic, Neglected Vision of Joan Murray100+ Black Friday laptop deals 2023: Apple, Dell, moreBlack Friday unlocked phone deals: Apple, Samsung, moreStaff Picks: Bobby, Janelle, and Romeo by The Paris ReviewThe Epic, Neglected Vision of Joan MurrayDinner at the End of America by Laura BannisterDarcy and Elizabeth Go to Summer Camp by Ted ScheinmanHere for the Ride: Andre D. Wagner’s Subway PhotographsBest Black Friday deals: Sales live at Best Buy, Walmart, and Target“Even poverty is ancient history”: Resurrection City, 1968 by Jill FreedmanThe Agony and the XTCBest Black Friday robot vacuum deals 2023The Art of MadnessHow ChatGPT could be changing pokerSnap Streak getting you down? Give it a pause.Google Bard's YouTube extension can now answer complex questionsWhen Women Aren’t Angels Like the Cat That Got the Cream The Morning News Roundup for February 5, 2014 These vintage Apple sneakers can be yours for $50,000 Remembering Loehmann’s How to share Kindle e What We’re Loving: Pragmatism, Professional Consultants, Pubic Crests by The Paris Review Here's how to pre Remembering the National Air and Space Museum and the nation's guilty conscience. No, Joe Biden's climate plan doesn't limit eating red meat James Joyce’s modern heirs, the Hardy Boys’ strangest mysteries yet, and other news Sadie Stein Reflects on Robert Burns’s Poem “Address to a Haggis” Morning News Roundup for January 28, 2014 The Morning Roundup for January 23, 2014 Samsung Galaxy Z Fold 5: Specs, release date, price, preorder details Annie Dillard and Co. Sing in the Everly Brothers, Circa 1995 Remembering Pete Seeger In 2014, Subscribe to the Paris Review and McSweeney's How to preorder the Samsung Galaxy Z Fold 5 'The Witcher' review: Season 3 ups the monsters for Henry Cavill's last ride Everything Samsung announced at its Galaxy Unpacked event
1.5502s , 10133.828125 kb
Copyright © 2025 Powered by 【Secret Confessions: Tubong Lugaw Episode 47】,Creation Information Network