Penetration testing experts looking at commercial ships and oil rigs discovered a series of security vulnerabilities, including one that allowed them to take complete control of a rig at sea.
–
Pen Test Partners (PTP), a security consulting company, believes that very few maritime companies understand the importance of information security activities at sea. The most notable discovery from PTP’s maritime penetration testing, which was intended for use in oil and gas exploration, allowed them to easily take control of a deep-sea drilling rig.
PTP expert Ken Munro further explained that they can do everything they want such as: stopping the engine, activating the thruster (dynamic positioning system), changing the rudder position, and intervening in the system. navigate, disable systems and shut them down.
Nigel Hearne, another PTP expert, said that maritime technology suppliers have different approaches to security issues. Hearne shared that in the past, he and his colleagues have inspected everything from a deep-sea exploration drilling rig, a new cruise ship, a Panamax container transport ship and a number of other things and then forced must use the word “bad” for general assessment.
Among the things the team found were secret Wi-Fi access points in non-Wi-Fi areas of the ship, which crew members had bridged between the ship’s technical control system and the ship’s interface system. staff. Because the size of the ship is very large and they need to administer or monitor the systems from another place on the ship without having to travel around the ship.
PTP also found that seafarers often use old, default, easy-to-guess passwords and even stick password notes on their PCs.
–
Experts also found “hardened” login information embedded in key items, including the ship’s satcom system (comms mast satellite), which could potentially allow anyone on board to log in and use the ship owner’s paid internet connection, or cut it off.
Vina Aspire Company Limited | Tel: +84 0944 004 666 | Email: info@vina-aspire.com | Website: www.vina-aspire.com
–
Vina Aspire – An excellent brand in the field of consulting, providing solutions and services on network security, confidentiality, and information security during the integration period
VinaAspire News
Nguyễn Anh Tuấn , theo The Register | http://antoanthongtin.vn/lo-hong-attt/he-thong-bao-mat-tren-bien-te-den-muc-cac-chuyen-gia-co-the-di-chuyen-duoc-ca-gian-khoan-dau-105873?fbclid=IwAR3HEef_Zzzm9X48fgckVEJobhsXLCLYiUURyThFAnl1GdothGil4b4FGDs
