2026-06-16 · VSAT
If you manage a commercial fleet, every vessel with a satellite terminal has a direct connection to the open internet. And unlike your office network, nobody is watching that connection.
Here's the uncomfortable reality: VSAT terminals are designed for connectivity, not security. They expose management interfaces — web dashboards, SSH ports, SNMP endpoints — directly to the internet by default. And attackers know exactly where to look.
This post explains what VSAT security means, why it matters for your fleet, and what you can do about it in under an hour.
VSAT (Very Small Aperture Terminal) is the standard satellite communication system on most commercial vessels. Brands like Cobham (SAILOR series), KVH, and Intellian are on thousands of ships worldwide.
These terminals are essentially small satellite dishes connected to a below-deck unit that functions as a router, modem, and network gateway. That below-deck unit typically runs a web-based management interface — the same kind of interface you'd find on an office router, but exposed via satellite link to the entire internet.
VSAT manufacturers prioritise making their terminals accessible from anywhere in the world. That's useful for remote troubleshooting but creates a security gap:
This isn't a flaw in any specific manufacturer's product. It's a design trade-off that made sense when satellite terminals were niche equipment used by technical crews. Today, automated scanners find these terminals within hours of them going online.
Automated scanning tools like Shodan continuously scan the entire IPv4 internet. When they find a VSAT terminal, they:
Once inside a VSAT terminal, an attacker can:
Port state control regimes — Paris MoU, Tokyo MoU, USCG — have added cyber security to their inspection checklists. Inspectors are increasingly asking for evidence that vessel IT and OT systems are secured.
A VSAT terminal with default credentials and open management interfaces is exactly the kind of finding that gets noted on an inspection report. And once it's on record, it stays on the vessel's profile for future inspections.
Step 1: Find out what's exposed. Run a free Shipcrawler scan on three of your vessels. We'll search Shodan, AIS databases, and public sources to show you exactly what attackers see when they scan your fleet.
Step 2: Change default credentials. This is the single highest-impact, lowest-effort fix. Every VSAT terminal in your fleet should have unique, strong credentials for its management interface.
Step 3: Restrict management access. If your satellite provider supports it, restrict management interface access to specific IP addresses — your office or your provider's support team only.
Step 4: Document what you've done. When the PSC inspector asks, you want to show a documented process, not a blank look.
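One way to turn Steps 2 to 4 into a repeatable check, as an added example that is not Shipcrawler's code: it reads a fleet inventory you maintain from your own scan results and change log, flags terminals whose management services (web, SSH, SNMP) are reachable without a source-address restriction or that still have default credentials, and produces a dated record to keep on file. The inventory field names, vessel names and addresses are constructed for illustration, and the port numbers are the standard defaults for those services, so adjust them if your terminals differ.

```python
"""Fleet VSAT management-exposure audit (added example, constructed data)."""
import ipaddress
import json
from datetime import date

# Default ports of the management services the post names: web, SSH, SNMP.
MGMT_PORTS = {80: "web", 443: "web", 22: "ssh", 161: "snmp"}

# Constructed inventory: one record per terminal, filled in from your own
# scan results and change log. Addresses are RFC 5737 documentation ranges.
INVENTORY = [
    {"vessel": "MV Example One", "ip": "192.0.2.10", "open_ports": [443, 22],
     "allowed_sources": [], "default_creds_changed": False},
    {"vessel": "MV Example Two", "ip": "192.0.2.20", "open_ports": [443],
     "allowed_sources": ["198.51.100.0/28"], "default_creds_changed": True},
    {"vessel": "MV Example Three", "ip": "192.0.2.30", "open_ports": [443, 161],
     "allowed_sources": ["0.0.0.0/0"], "default_creds_changed": True},
]

def unrestricted(sources):
    """True if the allowlist is empty or contains a catch-all network."""
    nets = [ipaddress.ip_network(s, strict=False) for s in sources]
    return not nets or any(n.prefixlen == 0 for n in nets)

def audit(record):
    """Return the list of findings for one terminal record."""
    findings = []
    exposed = sorted({MGMT_PORTS[p] for p in record["open_ports"] if p in MGMT_PORTS})
    if exposed and unrestricted(record["allowed_sources"]):
        findings.append("management reachable from any address: " + ", ".join(exposed))
    if not record["default_creds_changed"]:
        findings.append("default credentials not yet changed")
    return findings

def fleet_report(inventory, today=None):
    """Build the dated record to keep on file for inspections (Step 4)."""
    return {
        "date": (today or date.today()).isoformat(),
        "terminals": [{"vessel": r["vessel"], "ip": r["ip"],
                       "findings": audit(r)} for r in inventory],
    }

if __name__ == "__main__":
    print(json.dumps(fleet_report(INVENTORY), indent=2))
```

An empty findings list for every terminal, saved with its date after each change, is the documented evidence Step 4 asks for.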