What vulnerabilities were found in Bluspark's shipping platform?

Researchers discovered flaws including plaintext passwords and unauthenticated remote access, which exposed customer data and allowed for the creation of new administrator accounts.

How did researchers attempt to notify Bluspark about the security issues?

Researchers used multiple methods, including direct emails, voicemails, LinkedIn messages, and contacted a non-profit organization to alert Bluspark about the vulnerabilities.

Has Bluspark Global fixed the discovered security flaws?

Yes, Bluspark has stated that most of the identified vulnerabilities have been remediated and they are working with a third-party for assessment.

Home / Technology / Hackers Exploit Shipping Giant's Weak Security

Hackers Exploit Shipping Giant's Weak Security

14 Jan

•

Summary

Security researchers found critical vulnerabilities in Bluspark's shipping platform.
Plaintext passwords and remote access flaws exposed decades of customer data.
Researchers struggled to contact Bluspark, leading to delayed vulnerability fixes.

Hackers Exploit Shipping Giant's Weak Security

For the past year, security experts have warned the shipping industry about escalating cyber threats. Now, simple vulnerabilities in Bluspark Global's Bluvoyix platform, used by numerous major companies, have been exposed. These flaws, discovered in October, included plaintext passwords and remote access to sensitive shipping data, potentially dating back decades. Researchers faced difficulties notifying Bluspark, underscoring a systemic problem in the industry for reporting security weaknesses.

Security researcher Eaton Zveare uncovered five critical flaws, including the ability to create new administrator accounts without authentication. Despite attempts to contact Bluspark through various channels, including the Maritime Hacking Village, a response was not immediate. The situation escalated after Zveare alerted TechCrunch, which then directly contacted Bluspark's CEO and a customer, eventually prompting a response from the company's legal representatives.