Security researchers have discovered critical vulnerabilities in the firmware and Android app of marine diesel engine controllers by Norwegian company Auto Maskin
Security researchers have discovered critical vulnerabilities in the firmware and Android app of marine diesel engine controllers by Norwegian company Auto Maskin. The vulnerabilities were discovered by security researchers Brian Satira and Brian Olson and exploiting these vulnerabilities could allow attackers to take control of the vessel’s engine. Exploiting these vulnerabilities could allow the attackers to steal information about configuration, settings, sensors present and in use. The attacker can also send arbitrary ModBus (control) information to the engine control units. The four vulnerabilities discovered were CVE–2018-5399, CVE–2018-5400, CVE–2018-5401, CVE–2018-5402. CVE–2018-5399 vulnerability is where the DCU 210E firmware contains an undocumented Dropbear SSH server with a hardcoded username and password which is easily susceptible to cracking. CVE–2018-5400 is an Origin Validation Error flaw where Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The third vulnerability CVE–2018-5401 is because the device transmits process control information through unencrypted Modbus communications. The embedded web server also uses unencrypted plaintext for the transmission of the administrator PIN which is fourth vulnerability CVE–2018-5402. “CVE-2018-5401 and CVE-2018-5400 affect both Auto-Maskin Marin Pro field devices and the related Marine Pro Observer app for Android. An attacker could exploit them to send spoofed Modbus TCP packets to any Marine Pro field device to change any supported settings, including turning a vessel’s engines on or off” said by Satira in a post to Help Net Security. The attacker would be able to send spoofed Modbus packets from any arbitrary node within the network access of the targeted device. The attacker would also be able to execute a man in the middle attack to change or modify packets. Researchers notified Auto-masking about the vulnerabilities and didn't get any response back from the company still after 18 months. According to Help Net Security, the researchers then notified Norway’s national CERT (NorCERT) about the flaws. They responded back by saying that they knew about the vulnerability and also stated they had no intention to publicly disclose or to patch the issues, For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin and Twitter.
You may be interested in reading:Critical Flaw in Branch.io Affects Around 685 Million Users