How Ship Satellite Communications are hacked and how to keep them safe
What is Ship Satellite Communication ?
According to the ethical hacking researcher of International Institute of Cyber Security, Ship security satellite is a process where external devices like sailor 100 gx are used to communicate on the land or nearby ships or boaters. Earlier we have shown that shodan can be used to find open ship satellite communications. Most satellite communication works by using a device which is installed in the ships or boats. Devices send messages to the satellite. Satellite receive them transmit it to other location. Where message has to send.
According to ethical hacking researcher of international institute of cyber security open ship satellite devices are most vulnerable & can be various hacking activities.
Principle of Satellite Communication in Boats or Ships :-
In satellite communication geostationary remains in fixed position relative to given geographical location. The satellite is in fixed orbit but moves in consistent relationship with the earth. There could more than one satellite to cover greater percentage of sea. An orbiting satellite moves in orbit so it passes above given geographical location. Such transceiver which are installed in the ships or boats come into satellite range at periodic time intervals. The transmitter saves message until the satellite is in range of receiving earth station.
Ship Satellite Companies :-
If you are part of petroleum team, fishing vessels, or cargo ship or you are part of cruise line. Ship satellite security is the most important factor now days. There are many companies which provide ship satellite communication devices.
cobham.com provide many solutions regarding ship satellite communications. One of the popular product is Sailor 900 VSAT.
Sailor 900 VSAT Communication :-
- The SAILOR 900 VSAT is an advanced maritime secured with Ku-band antenna system built with high quality & high performance.
- As demonstrated in the ethical hacking classes of institute that the default credentials of the SAILOR 900 VSAT can be seen in the manual, which can easily be seen on the internet. So the default username : admin & password : 1234 of Sailor 900 VSAT system.
Intellian Fleet Xpress Communication :-
- Intellian is another maritime system used at sea with high accleration of Ka-Band data.
- The default username : intellian & password : 12345678 of Intellian Fleet Xpress
Boost safety Ship satellite Devices :-
Basic tips which can help to save from cyber attack on ship satellite communication system.
- Change Default Password : Most ship satellite system has default password 1234. Always remember to change your default password. The password must be 10 to 15 characters long containing special characters (@#$%&*). If the password is left common, most probably attacker can excess admin settings of the system Do not write password on board or anywhere on the ship.
- Updates the Ship Satellite System : If you are using strong password attacker can still access your ship satellite system, so always update ship satellite systems to stay from cyber attacks. Go to : https://sync.cobham.com/satcom/support/downloads/?type=2502&article=7399 Download the latest firmware & install firmware. You can check version displayed in Sailor VSAT interface.
- Updating & Installing Satellite Terminals : Always update terminals regularly to avoid attack. Regular checks are required, terminal manufactures regularly release new version of terminals. Important updates include vulnerabilities. Sometimes there is not IT support. Updates can be installed over the air using terminal. But there must be proper set of configuration when installing updates through terminal over the air.
- Don’t Open ship satellite IP address on the public internet : Make sure ship satellite is not publicly open. Terminal should remain closed. Most of ship satellite system provide set of personalized IP addresses. You can set personalized IP addresses. Only crew members should know the IP addresses which gives access to the terminal.
Originally published at https://www.securitynewspaper.com on April 13, 2019.