Security researchers from IOActive have identified that there are two critical vulnerabilities exist in the platforms used by seaborne ships to reach the internet. The flaws in the software can leak data from the sea and also enable pre-authenticated attackers to fully compromise an AmosConnect server.
The first flaw is a blind SQL injection in the login form, which allow unauthenticated attackers to obtain access to credentials saved in its internal database. The server saves usernames and passwords in plaintext, which make it easy to exploit.
The second vulnerability is a privileged backdoor account, which enables attackers to execute commands with SYSTEM privileges on the remote system by abusing AmosConnect Task Manager.
According to researchers:
“The AmosConnect server features a built-in backdoor account with full system privileges. Among other things, this vulnerability allows attackers to execute commands with SYSTEM privileges on the remote system by abusing AmosConnect Task Manager.”
The vulnerabilities are not easily accessible but can enable in-depth access to the systems of the ship. Attackers can simply get access to ship’s network using a hacked mobile device that exists on the ship or maybe the function could be made by an infected USB drive that might be brought onboard to exchange data with ports or hackers can get physical access too.