Security News > 2020 > February > Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners

Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners
2020-02-18 16:45

Penetration testers looking at commercial shipping and oil rigs discovered a litany of security blunders and vulnerabilities - including one set that would have let them take full control of a rig at sea.

Making heavy use of the word "Poor" to summarise what he had seen over the past year, Hearne wrote that he and his colleagues had examined everything from a deep water exploration and the aforementioned drilling rig to a brand new cruise ship to a Panamax container vessel, and a few others in between.

Why were seafarers doing something that seems so obviously silly to an infosec-minded person? Munro told us: "Someone needs to administrate or monitor systems from somewhere else in the vessel, saving a long walk. Ships are big!".

Another potential explanation proferred by Munro could apply to cruise ship crews where Wi-Fi is generally a paid-for, metered commodity: "Their personal satellite data allowance has been used up, so they put a rogue Wi-Fi AP on to the ship's business network where there are no limits."

The pentesters also found "Hard coded credentials" embedded in critical items including a ship's satcom unit, potentially allowing anyone aboard the ship to log in and piggyback off the owners' paid-for internet connection - or to cut it off.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/18/shipping_cybersecurity_rather_poor/