Security researchers discovered a number of critical vulnerabilities in software used by thousands of maritime ships around the world that could give an attacker total access to onboard systems and information.

The security flaws, which stem from the AmosConnect 8.0 shipboard communication platform used on a number of ships, were revealed Thursday by researchers at the United States-based cybersecurity firm IOActive.

The AmosConnect platform, which is produced by Stratos Global—a subsidiary of British satellite telecommunications company Inmarsat—is used to provide ships with narrowband satellite communications. It also provides access to email, fax and interoffice communication among other means of connectivity to those at sea.


Unfortunately for the many ships relying on AmosConnect to provide communications services, the platform also provides hackers and other threat actors with considerable access to vital and sensitive information.

According to researchers at IOActive, the login form for the platform is vulnerable to attack through a blind SQL injection, in which a threat actor injects malicious data into a form in order to produce an error message that allows the attacker to retrieve information about the server.

In the case of the AmosConnect 8 system, the injection attack allows attackers already on the network to gain access to the login credentials of other users, including usernames and passwords stored in plaintext. The researchers said the vulnerability was “trivial to exploit.”
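To make the two weaknesses in that paragraph concrete, here is an added, constructed illustration (not AmosConnect's code and not IOActive's findings): a login handler that splices user input into its SQL and keeps passwords in plaintext, beside a hardened handler that binds parameters and stores only salted hashes. The table, the user `captain` and its password are sample data invented for the example.

```python
# Constructed illustration, not AmosConnect code: a weak login handler
# (string-built SQL, plaintext passwords) beside a hardened one
# (bound parameters, salted PBKDF2 hashes). Sample data is invented.
import hashlib
import hmac
import os
import sqlite3


def make_vulnerable_db() -> sqlite3.Connection:
    """Schema that stores credentials in plaintext (constructed sample)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('captain', 'hunter2')")
    return db


def vulnerable_login(db: sqlite3.Connection, user: str, pw: str) -> bool:
    # Input is spliced into the query text, so the database cannot tell
    # data from SQL: the login form itself becomes a query oracle.
    query = f"SELECT 1 FROM users WHERE name='{user}' AND password='{pw}'"
    return db.execute(query).fetchone() is not None


def hash_password(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 200_000)


def make_hardened_db() -> sqlite3.Connection:
    """Same sample user, but only a per-user salt and hash are stored."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("captain", salt, hash_password("hunter2", salt)))
    return db


def hardened_login(db: sqlite3.Connection, user: str, pw: str) -> bool:
    # Bound parameters keep the input as data; if the table were ever
    # leaked it would expose hashes, not reusable plaintext passwords.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name=?",
                     (user,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(pw, salt), stored)


# A tautology probe in the password field: the vulnerable handler treats
# it as SQL and accepts it, the hardened handler treats it as a password.
TAUTOLOGY = "' OR '1'='1"
```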

The potentially worse and more damaging discovery made by the researchers was a backdoor found in the AmosConnect server that, if exploited, would give an attacker complete access to system and administrative privileges. A hacker would be able to remotely execute malicious code on the AmosConnect server through the vulnerability.

"If compromised, this flaw can be leveraged to gain unauthorized network access to sensitive information stored in the AmosConnect server and potentially open access to other connected systems or networks," the researchers said.

The security flaws are troubling for any ship operating on the AmosConnect 8.0 platform, as they leave the ship’s communication systems vulnerable to debilitating attack and put the vessel and its crew at risk. Sensitive company information could be stolen or used to carry out other attacks against the ship. Shipping companies, for instance, could have cause for concern that criminals may intercept packages with intent to steal them.

The discoveries made by IOActive build upon previous disclosures of security flaws discovered in AmosConnect platforms. The company has since discontinued version 8.0 of its communications system and has advised customers to revert to AmosConnect 7.0.

In a statement, Inmarsat downplayed the potential risk posed by the vulnerabilities while noting it has taken steps to mitigate exploitation of the flaws.

“It is important to note that this vulnerability would have been very difficult to exploit as it would require direct access to the shipboard PC that ran the AC8 email client. This could only be done by direct physical access to the PC, which would require an intruder to gain access to the ship and then to the computer,” the company said.

Inmarsat also said it terminated support for the AmosConnect 8.0 platform in July and issued a patch for the vulnerability prior to the end of the system’s lifecycle.