Thursday, 26 October 2017

A common satellite comms package for ships and oil rigs has a backdoor that won't be patched

An audit of Inmarsat's AmosConnect 8 (originally sold by Stratos Global, now an Inmarsat division) reveals that the ship-to-satellite internet product has a deliberate hidden backdoor -- and an accidental SQL code-injection vulnerability -- that allows anyone in the world to take over all, interrupt, and/or spy on the internet access on many of the world's largest ships and oil rigs. (more…)