Ships and aircraft of civvie and military owners are often equipped with satellite communication systems, enabling the crew to send and receive messages or orders, and the Internet while traveling. It turns out some of these systems are deeply insecure and allow for attackers to access and interfere with communication and – if integrated – the whole onboard computer system.
The very small aperture terminal (VSAT) is the two-way satellite ground station used on most air and sea crafts with a dish antenna with a diameter of about one meter. The VSAT system has been deemed as a secure way of communications, for example point-of-sale and ATM credit card data are always traveling trough such systems.
A year ago it has been discovered that a large number of VSAT terminals can be reached from the public Internet or can be tracked by free services, like Shodan. Also there was some mentioning of improperly set-up terminals with default passwords, etc.
If the VSAT terminals can be accessed, it means that “these can be tracked via Shodan and accessed through default login credentials. Attackers can figure out the location of targeted ships with utmost precision using the VSAT system’s IP address and language”.
Back then this was news, but according to our sources now custom-built tools are available for purchase trough the dark web, which could target most VSAT terminals and other VoIP and video satellite Internet access devices and some of these are even able to automatically produce a reverse shell of the runtime environment these are integrated with. And that’s no good news.
Today, it became normal to have the ships uplinked to cloud services, and with this vulnerability remaining, the prospect of a successful attack via a VSAT terminal is getting more probable every day.