021 ArchivesInternet of Things has shown us time and time again that nothing connected to the internet is safe from hackers, and yet we've mostly written off security-camera fueled botnets as someone else's problem.
But what if the thing in question happens to be a boat loaded with weapons?
SEE ALSO: Herman Miller unveils a cloud-connected desk because that's the world we live inA group of cybersecurity researchers is having a field day online with the discovery that the configuration of certain ships' satellite antenna systems leaves them wide open to attack — and the possible consequences are startling.
Anyone who gained access to the system in question, and was so inclined, could manually change a ship's GPS coordinates or possibly even brick the boat's navigation system entirely by uploading new firmware. And why would anyone want to do that?
"Next gen boat ransomware?," suggested the security researcher x0rz over Twitter direct message with Mashable. "Military special operations? Somalian pirates 2.0?"
This Tweet is currently unavailable. It might be loading or has been removed.
The recent revelation appears to have kicked off with the creation of a ship-tracking map, credited to Jeff Merrick, which shows the real-time locations of boats around the globe. The map is powered by data from Shodan, a search engine that lets users search for internet-connected devices and, according to x0rz, uses data from boats' very small aperture terminals (VSAT) to pinpoint their locations.
VSATs are common tech on yachts, and allow for internet access and communication even when boats are in movement. Interestingly, at least some boats with one type of VSAT, the SAILOR 900, have public IPv4 addresses without any firewall. And, you guessed it, Shodan makes it possible to search for this type of device.
Once located, data about the boat — such as its location — is readily available.
Original image has been replaced. Credit: Mashable But here's where things get wild: The default login credentials, which are easily found online, remain unchanged on at least some of these devices (we're choosing not to publish those credentials for what we hope are obvious reasons) — allowing anyone to gain administrator-level access. Once in, x0rz confirmed to Mashable,a ship's GPS coordinates can be manually changed. What's more, an attacker could upload their own firmware and possibly brick the entire navigation system in the process.
"It's just badly configured," explained x0rz, "but just like as the rest of the Internet (banking, energy, corporate, ...)."
This Tweet is currently unavailable. It might be loading or has been removed.
With just a little googling, a person can determine a bit more about the vessel in question — like, for example, that it contains a "secure, sealed, climate-controlled armoury."
This Tweet is currently unavailable. It might be loading or has been removed.
This isn't the first time someone has called out Cobham, the UK company that manufactures the SAILOR 900, for potentially problematic security vulnerabilities. A 2014 security white paper from IOActive, a cybersecurity research team, dived into the SAILOR 900 and found that the "vulnerabilities in these terminals make attacks that disrupt or spoof information consumed by the on-board navigations systems, such as ECDIS, technically possible, since navigation charts can be updated in real time via satellite."
This Tweet is currently unavailable. It might be loading or has been removed.
So what does Cobham have to say about all of this? Pretty much what you'd expect.
"Our terminals, as is customary with most communications hardware, are delivered with default administrative credentials such as passwords which we strongly advise VSAT users change during technology installation and frequently afterwards in accordance with general password-best-practice processes," a company spokesperson told Mashablevia email. "We emphasize this in our training and throughout our installations manuals."
The spokesperson also noted that they could "quickly reset the password and regain control of the terminal in the instance of passwords being compromised, as was the case in this instance.”
Like so many things, the answer to whether or not we should be concerned about ships being hacked is: it depends. Importantly, x0rz pointed out that the number of boats easily accessible in the above-described manner is limited. However, he also noted that "one is enough to cause a catastrophic event, right?"
And if the boat in question is carrying hazardous material, weapons, or happens to be something other than a pleasure yacht? Well, then we may suddenly find ourselves taking these kind of vulnerabilities a lot more seriously.
This story has been updated to include a statement from Cobham.
Topics Cybersecurity
Best Apple TV+ deal: Get 3 months for $2.99 monthly
NYT mini crossword answers for June 11, 2025
'Mormon Wives' star Whitney Leavitt shares MomTok video essentials
Ranking the Fallout Games
Study trains Port Jackson sharks to respond to jazz music
Using FreeSync with Nvidia GPUs Examined
Peru vs. Ecuador 2025 livestream: Watch World Cup Qualifiers for free
Finland vs. Netherlands 2025 livestream: Watch U21 Euro 2025 for free
Best Amazon deal: Get a $5 Amazon credit when you spend $30 on home essentials
Best streaming deal: Get 3 months of ESPN+ for $4.99 per month
Outdoor speaker deal: Save $20 on the Soundcore Boom 2
Things Intel Needs to Fix
Productivity Boost: Enable 'Night Mode' on All Your Devices
How to watch the 2025 U.S. Open live online
Today's Hurdle hints and answers for May 5, 2025
Jools Lebron's must
Apple's Liquid Glass redesign is dividing the internet
Productivity Boost: Enable 'Night Mode' on All Your Devices
Amazon Spring Sale 2025: Best Apple AirPods 4 deal
11 Myths About Buying a New 4K TV
Trump admin takes 'safety' out of U.S. AI Safety InstituteBest Apple deal: Save $80 on Apple Watch SEPaul vs. Alcaraz 2025 livestream: Watch French Open for freeTour de France 2025 livestream: Watch Tour de France for freeBest Stanley deal: Get a 30Here's how and where you might see an aurora tonightSamsung issues urgent warning to activate Galaxy antiBest earbuds deal: Save $36 on the Soundcore Sleep A20NYT mini crossword answers for June 5, 2025Keys vs. Gauff 2025 livestream: Watch French Open for freeBest Stanley deal: Get a 30Best headphones deal: Save 37% on the Sony WHNYT mini crossword answers for June 3, 2025Brennan Lee Mulligan on 'Dimension 20: Cloudward, Ho!' and bringing steampunk to the domeTrump admin takes 'safety' out of U.S. AI Safety InstituteNYT Strands hints, answers for June 3Best smartphone deal: Get $250 off the Google Pixel 9 at AmazonWordle today: The answer and hints for June 3, 2025Here's how and where you might see an aurora tonightBest Stanley deal: Get a 30 The Cookbook Review by The Paris Review Horrific Surrealism: Writing on Migration by Viet Thanh Nguyen Making a Claim on Language: A Conversation with Adania Shibli by Max Weiss If Taylor Swift attends Super Bowl 2024, who will she bring? There and back: Elon Musk's SpaceX makes history with epic rocket launch and landing Apple approved a fake 'LastPass Password Manager' app for the App Store My Cat Mii by Mayumi Inaba 'Moana 2' is coming and we're clinging to Disney's tiny reveals New photos reveal Jeff Bezos' Blue Origin is going to be pretty swanky MashTalk: Samsung's Galaxy S8 is here, but does it live up to all the hype? William and Henry James by Peter Brooks Spanish Journals by Catherine Lacey The NFL isn't smart enough to rig the Super Bowl for Taylor Swift Rabelaisian Enumerations: On Lists by Andrew Hui Tracings by Sarah Aziza The Erotics of (Re)reading by Peter Szendy 'Moana 2': Lin Google Bard is now Google Gemini Air fryer Super Bowl recipes: Wings, pigs in a blanket, fries, and more The Best Books of 2024, According to Friends of the Review: Part One by The Paris Review
2.442s , 10133.5625 kb
Copyright © 2025 Powered by 【2021 Archives】,Inspiration Information Network