Iridium Communications Inc. Information for VU#578598
Iridium Pilot and OpenPort contain multiple vulnerabilities
- Vendor Information Help Date Notified: 16 Jan 2014
- Statement Date:
- Date Updated: 12 Sep 2014
Iridium is aware of this vulnerability and has taken the necessary steps to address it. We are detecting and blocking use of the identified credentials at the edge where the Iridium network connects to public terrestrial networks. Since all Pilots can only be addressed through the Iridium network, this effectively blocks any remote unauthorized use of the credentials. Iridium has also made changes to the Pilot firmware and this will be released through our normal software release process.
Iridium is aware of this vulnerability and does not believe it is viable. The firmware upgrade tool described is provided only to service providers, and will not work remotely, the tool must be run on a PC which is directly connected to the on ship Pilot’s BDE (below deck equipment). Any remote attempt to upgrade the firmware will disable the Iridium network connection and the software upgrade will abort. In addition, it is not technically feasible to create a “malicious” version of the firmware as the PILOT has a proprietary Operating system, processor and tool set.
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.