Cobham, the UK satellite communications provider, which was at the center of an embarrassing ship hack on Tuesday, has laid the blame on a client.
A France-based IT security researcher was able to gain access to the satellite communications system of a ship in South American waters this week.
The researcher used the search engine Shodan to find easy online targets at sea. Shodan is now live tracking ships via VSAT antennas exposing web services. Using the username ‘admin’ and the password ‘1234’, the tech expert was then able to access the communication centre of the ship as it made its way through South American waters. The researcher then made his findings known on Twitter.
A Cobham spokesperson responded late on Wednesday to questions sent by Splash 24 hours earlier.
“An individual claimed they achieved unauthorized access to our VSAT system by using default administrative credentials. Our terminals, as is customary with most communications hardware, are delivered with default administrative credentials such as passwords which we strongly advise VSAT users change during technology installation and frequently afterwards in accordance with general password-best-practice processes. We emphasise this in our training and throughout our installations manuals,” the spokesperson said, adding that Cobham then quickly changed the password of this particular system and regained control of the terminal.
Cobham stressed in an email to Splash that it is standard practice in the communications industry to deliver products such as VSAT with default credentials, which should be changed immediately.
Cobham said it recommends that passwords include numbers, symbols and upper and lower case letters, and it instructs users to never share their passwords.
“It is the accepted responsibility of the third party installer, service provider or end-user to change passwords at the installation stage and then on a regular basis,” the company spokesperson stressed.
The IT security expert who breached the ship’s communications system told Splash it had been a one-off experiment and that he had done no harm to the system he had accessed.
“As expected, it’s the customer’s fault :),” he replied via Twitter on hearing Cobham’s response to the hack.
Lars Jensen, the founder of CyberKeel, a maritime cyber security specialist, told Splash earlier this week: “If a vessel operates with a VSAT system using factory settings, the vessel operator has a problem. All vessel operators should check all their VSAT settings right now and if they are factory settings also change them right now.”