Two Vulnerabilities Discovered in Inmarsat’s SATCOM Systems

Earth based satellite dish

Security firm IOActive has reported two critical vulnerabilities in Inmarsat’s AmosConnect 8 system, demanding an immediate solution from the company.

A team of researchers has identified two critical vulnerabilities in the global satellite telecommunications system used by the company Inmarsat.

Due to these vulnerabilities, security experts confirm that thousands of Inmarsat customers will be affected by the issue since all of them are running the newest version of their AmosConnect platform.

Inmarsat’s SATCOM systems are identified to have been affected by vulnerabilities that provide a backdoor in the system’s communications.

It creates a risky scenario for all customers who use the AmosConnect platform, particularly maritime sea vessels which use the platform predominantly for their communication requirements.

If a hacker successfully manages to gain access into the system, they will be able to gain full administrator privileges and remotely gain access to all user credentials, which can later be downloaded onto their own computer.

This poses a major threat to all companies that deal with this platform.

A security firm named IOActive was the first to identify the issue with Inmarsat’s SATCOM systems back in 2014. Now, researchers at the firm have uncovered even more flaws with the company’s communication products—this time, with AmosConnect.

Mario Ballano, a chief security officer at ‎IOActive, commented that when a ship uses the AmosConnect platform, it is bound to create a lot of issues.

Considering the type of companies that use the system, it is confirmed to be a critical vulnerability that needs an immediate fix.

As soon as the issue was identified, media thronged towards Inmarsat asking for a comment but the company didn’t release a statement until they were sure the two vulnerabilities were identified and confirmed to exist.

Later, the company finally put out a press release saying that when IOActive notified them of the vulnerability, they released a security patch for the program immediately—even though the particular software was at the end of its lifecycle and will no longer be used by any ships or other maritime sea vessels.

The statement further claimed that the AmosConnect 8 security patch ensured that operations carried out smoothly to significantly reduce the amount of risk associated with using the platform.

AmosConnect 8 is a SATCOM service which provides a list of services on the same channel including telephone, email, fax, telex and GSM text, in addition to supporting inter-office communication.

The version was launched by Inmarsat back in 2010 and has eventually reached its lifecycle.

padlock on a keyboard

Critical vulnerability needs an immediate fix

Two different vulnerabilities were discovered by the security team. One of them is a blind SQL injection flaw, which may provide the hacker access to the login form.

A trained hacker can manage to get user credentials including usernames and passwords by exploiting this backdoor issue, as it is easy to convert this data from encrypted format into plain text because of the problem.

The second vulnerability pertains to the hard-coded credentials found on the AmosConnect 8 platform, which is even more critical as it could allow a hacker to gain full administrator privileges.

They will also be able to execute commands on any targeted system.

Multiple examples and screenshots are provided by the IOActive security team in order to prove their claim.

They managed to gain user credentials and passwords while also making changes to the admin privileges.

On the contrary, Inmarsat claims that no hacker would be able to control the admin panel remotely because they would have to manually access the ship’s PC in order to fully hack into it.

A remote access attempt will be blocked through the firewall setup in place.

Existing customers are requested to roll back to the AmosConnect 7 platform to stay safe while the developer claims that they have already issued a statement confirming the end of the product cycle this year.

The ninth edition of the software should be out soon, which is the only option customers have to avoid the security issues associated with the vulnerabilities.

Using one with an identified vulnerability is no longer safe to work with, especially for a ship or maritime vessel that’s responsible for carrying important cargo through the ocean.

IOActive has played a crucial role in identifying the backdoor vulnerabilities and reporting them to Inmarsat in time so that they could roll out a fix.

While the update was not immediate due to the end of the product cycle, the company did take the report into account and promised to fix things quickly.

Meanwhile, the security firm advises all existing users to rollback, which is the only sure shot option to go for presently.

Leave a Reply