Cobham blames client for satcom hack

Cobham, the UK satellite communications provider, which was at the center of an embarrassing ship hack on Tuesday, has laid the blame on a client.

A France-based IT security researcher was able to gain access to the satellite communications system of a ship in South American waters this week.

The researcher used the search engine Shodan to find easy online targets at sea. Shodan is now live tracking ships via VSAT antennas exposing web services. Using the username ‘admin’ and the password ‘1234’ the tech expert was then able to access the communication centre of the ship as it made its way through South American waters. The researcher then made his findings known on Twitter.

A Cobham spokesperson responded late on Wednesday to questions sent by Splash 24 hours earlier.

“An individual claimed they achieved unauthorized access to our VSAT system by using default administrative credentials. Our terminals, as is customary with most communications hardware, are delivered with default administrative credentials such as passwords which we strongly advise VSAT users change during technology installation and frequently afterwards in accordance with general password-best-practice processes. We emphasise this in our training and throughout our installation manuals,” the spokesperson said, adding that Cobham then quickly changed the password of this particular system and regained control of the terminal.

Cobham stressed in an email to Splash that it is standard practice in the communications industry to deliver products such as VSAT with default credentials, which should be changed immediately.

Cobham said it recommends that passwords include numbers, symbols and upper and lower case letters, and it instructs users to never share their passwords.

“It is the accepted responsibility of the third party installer, service provider or end-user to change passwords at the installation stage and then on a regular basis,” the company spokesperson stressed.

The IT security expert who breached the ship’s communications system told Splash it had been a one-off experiment and that he had done no harm to the system he had accessed.

“As expected, it’s the customer’s fault :),” he replied via Twitter on hearing Cobham’s response to the hack.

Lars Jensen, the founder of CyberKeel, a maritime cyber security specialist, told Splash earlier this week: “If a vessel operates with a VSAT system using factory settings, the vessel operator has a problem. All vessel operators should check all their VSAT settings right now and if they are factory settings also change them right now.”

Sam Chambers
