Following their recent blog which highlighted vessel satcom box vulnerabilities using Shodan, a search engine which finds devices connected to the internet, Pen Test Partners has again warned ship owners and operators to ensure their satcom boxes are secure.

In the updated blog, senior partner Ken Munro explains how he was able to use a new real time ship-mapping feature on Shodan to geo-locate vulnerable vessels through their satcom boxes.

By combining this with AIS data, a hacker has everything they need to select a suitable ship to attack. They can choose a vessel en route to a nearby port, ready for load theft. Or perhaps cripple a ship in a particular area, ready for piracy.

“Although it was possible before to find a specific vessel’s location, it required a lot of work to analyse and present it on a map. The new mapping feature makes it trivially easy for hackers and criminals alike,” said Mr Munro.

He went on to urge ship owners and operators to secure their satcom boxes by changing default passwords and applying all updates received from their satellite communication providers immediately.