Blog: Maritime Cyber Security
Out Of Band, Out Of Sight, Out Of Mind
Satellite receivers aboard maritime vessels can be tricky things to manage, yet are crucial to efficient operations of modern drilling rigs and ships.
Particularly on rigs, it’s not that unusual for a receiver dish to be knocked out of alignment during drilling operations. Lose satcoms and you’re operating half-blind.
Other common causes of outages on ships and rigs include config changes breaking something, as those changes are often applied blind. Equipment failures are another common reason; the intended failover process didn’t work properly, so you get a complete outage.
It’s also rare for anyone on board a ship to have sufficient skills to be able to reconfigure that receiver if it goes offline.
So you contact shore-based IT support for help. Oh, except you can’t because the satcoms are offline!
At that point the satphone may be taken out of the safe and used to dial for assistance.
An engineer gets put on a helicopter and flown out to the rig. Yes, really.
It’s rare that the issue will occur during a regular shift change, so the costs of that flight can be frightening, but still less than the cost and risk of operating without connectivity.
Enter Out of Band Management
You’re probably familiar with the concept of OOB management for ILO for server rack power supplies, but similar has existed for years for console based access to switches, industrial control components and the like.
OOB is also really useful for resolving the failed satcom issue at sea.
Typically, a backup satcom connection will be used, probably Fleet Broadband or similar rather than VSAT. The data costs can be frightening (~$20/MB or more) but compared to the cost of that helicopter and engineer, they’re cheap.
So you have a back-channel on to the management plane of the core network on a vessel or rig at sea. What could possibly go wrong?
We also find OOB used to manage comms in remote shore-based facilities and even mobile vehicle operations.
What does go wrong?
We looked at the Uplogix 3200 OOB console a while back. Whilst it didn’t protect credentials well, one would have to get hold of one of the devices to recover the credentials from.
Now, if creds were re-used across multiple sites and a used device was re-sold on eBay, I guess there would be a problem.
Also, if weak creds were used, brute force becomes a real possibility. We find weak credentials in operational technology a LOT, often stuck to servers and workstations:
I love that someone took time to choose a non-standard typeface there!
But then it struck us that brute force can take a lot of bandwidth. A lot of bandwidth on a high-latency connection. A very expensive connection.
Ping responses can take 700ms or more.
Then we went hunting on https://shodan.io to see what we could find. Even a really simple search for ‘uplogix’ found quite a few OOB terminals on the public internet:
SSH open? Why not simply batter the service until you either get the creds or the satellite airtime package credit expires.
One either compromises the device or racks up a huge bill for the victim. Evil!
Not just satcoms
Mobile data is a much cheaper way to achieve out of band comms, particularly where it’s possible to mesh a signal between rigs and then to shore. Mobile data to remote outstations is often available even where fixed line connectivity isn’t.
However, we’ve found plenty of issues in OOB management devices that use cellular data, plus issues in the modems that support this too.
The eWon Flexy is a great example of a device that can be used for out of band. It had some interesting security issues when we looked at it in June last year.
There were around 3500 of them on the public internet at the time too. Oops!
Various mobile data modems have had issues too. We gave a talk at DEF CON this year about some pretty concerning vulnerabilities in these.
- RCE in a TP-Link M7350
- Arbitrary Command Execution in a ZTE MF910 & MF920
- Issues in a Netgear Nighthawk M1
/etc
Recommendations
Don’t put OOB consoles on the internet – it should be fairly easy to have the satcom provider NAT them.
Make sure your credentials aren’t easily guessed.
Set alert levels so you know if someone is hammering your satellite connections. Fleet Broadband is great for coverage, but a heck of a lot more expensive than VSAT!