A common satellite comms package for ships and oil rigs has a backdoor that won't be patched


Originally published at: https://boingboing.net/2017/10/26/inmarsat-amosconnect8.html


Without knowing a whole lot about how those systems operate, it seems a transparent proxy device could perform at the very least a re-write to send a fake post office id. That would cost what, $40? For about $100 you could set up a SNORT device to mitigate the post office ID issue and SQL injection issue as well.


According to this note on a repost of the article, “The majority of shipboard systems, including vulnerable wireless systems which can be penetrated from 20+ miles away, share a common backbone. This backdoor allows an intruder greater control over shipboard comms which is critical to maximizing the delay between penetration and discovery.”



Well that makes it easy then. That common backbone simply needs a transparent proxy device to rewrite the ID and squash the SQL attack.


Would encryption work for the crew when browsing or communicating through these systems?


They named the function authenticateBackdoorUser. Just chew on that for a second.


Yeah, but you’re talking about the industry that ranks lowest across the board for all forms of cybersecurity. I know some guys who do this stuff for a living, they just laugh at the stories about freighters being hijacked electronically, “Yeah, we told those guys about that problem ten years ago!”



Cool how the white portion reflects off the taller building to appear as if they intersect.


How totally Spook Country. And once again Bill Gibson proves he’s this generation’s prophet par excellence. :slight_smile:


Just, y’know, in that really depressing and terrifying way of his.


He’s definitely not a self-described optimist. :wink: This interview is GREAT:

He has been one of the most influential figures in my life, by far. Reading his shit as I was discovering modems as an early-teen in the early to mid 90s really… Put things in perspective for me. And goodness am I thankful that I had his work in my back pocket as we’ve all come up over the past 20-25 years.


“It’s a trap!”


The ‘pirates’ case I can definitely see. Is there anyone wise in the ways of commercial maritime activity who can enlighten us on how much cargo/destination/location information is already required, either for customs purposes, navigational safety reasons, or because insurance is more expensive if your ship could just drop off the map without anyone knowing where it was? (and, one presumes, to what degree these disclosures are treated as an inconvenience that doesn’t necessarily deserve the whole truth; which would provide a nation state with a possible incentive to double check).

It was my vague layman’s understanding that navigational transponders were already a pretty routine thing for ships of nontrivial size, especially in areas cluttered enough for collisions to be a potential problem; and that entering or leaving a port would trigger questions about what you are loading or offloading; so I’m curious how much known or suspected unknown there would be for a nation state. Presumably a fair bit for states interested in ships that never entered or left their ports (or interacted with their insurers); quite possibly some interest in…secondary verification…of what the form says all those containers contain even from origin or destination states; but I don’t really know, hence the question.


This wouldn’t exactly be the first time that somebody’s spook toy has had unintended consequences (see also, the approximately weekly release of some malware powered by NSA-proven techniques); but there seem like a couple of odd things about bugging satellite communications by putting really janky firmware vulnerabilities into modems:

The one is the potential for discovery. Clearly it didn’t become known nearly fast enough; but (unlike a satellite; or direct access to Inmarsat’s network operations) the modem is something that basically anyone who can afford it can just order and have physical access to poke at. If it’s an older model, you can probably even score one used for cheap (or one that is unreliable on the RF side, so no longer fit for service; but still has the embedded computing side operating; which should be even cheaper). That sets a comparatively low bar for an adversary who wants to have a thorough look.

The other is that satellite communications providers are probably even more supine in the face of state requests (and industry standards are pretty low) than terrestrial ones. Same sort of limited number of oligopoly providers who know where their bread is buttered; except that these ones depend on smooth access to satellite launch capabilities and military customers are probably fairly well represented among people willing to pay well for phone/internet access that works in all sorts of places far from the beaten path; and anyone who could potentially decide to buy from a more…patriotic…supplier has some influence over you.

One would expect that the various telco surveillance stories apply to satellite ones as well; with the added intensity provided by the fact that, unlike the overwhelmingly boring customer base of cheap landline and cell services, satellite customers are a self-selected group that just screams “I’m doing interesting things, in interesting places, that pay well enough that I can afford satellite connectivity!” which are definitely people you might want to check up on.

If the targets have their act together, and carrier-provided surveillance is hitting a wall of “It’s just a VPN to their headquarters, like always.” I could see that being an incentive to try to implant something a bit more local; but if not, it seems like a lot of potential risk (of discovery and of exploitation by 3rd parties who don’t have your privileged access to the world’s satellite providers but do have internet access and some people who know how to use computers); when you could just ask the telco to rat them out for you.


I wouldn’t call it ‘encouraging’; but something like that is so blatant that it makes one wonder if the purpose of the ‘feature’ really was “Customer service has been having a hell of a time with users who change the credentials and then expect us to fix their goddamn oil rig in the middle of nowhere over the phone somehow. Can you do something?” feature request (still a terrible plan, for all the usual reasons); rather than a spook implant.

