For those who might take offense of the title, bear with me for a second. Some ships just got their VSAT hacked – and clearly that should not have been possible.
Yesterday, a hacker or IT security researcher (all depending on perspective) published a map of ships he had found through a search engine called Shodan. Shodan is a search engine where you can find computer hardware which is online – a tool we at CyberKeel have highlighted to the maritime industry for 3 years as a risk versus vessels as well as automated port and terminal equipment. If you have hardware, it can be found. In this case it was used to find VSAT connections for vessels.
The trivial thing is that it was used to create a map showing where vessels are right now. It appears that the people publishing this did not know that multiple vendors have provided this service for years using AIS data. Hence the ability to geolocate a vessel is not really interesting.
What is much more important is that he found multiple VSAT installations on vessels which were simply operating on the standard factory default settings. Clearly such settings are easy to get hold of, and if they are not changed when you install your system, then it is of course an open invitation for outsiders to take control of your VSAT equipment on the vessel. You are essentially giving the whole world your admin login details. How much damage you can then do by further penetrating systems on that vessel is dependent on how the rest of your network is configured. Irrespectively, any responsible vessel owner or operator do not want an outsider to be able to control the VSAT.