A newly launched platform for managing all port operations in India left sensitive data publicly accessible, posing the risk of a potential takeover by threat actors.
Researchers recently discovered that the National Logistics Portal (NLP) platform exposed sensitive credentials and encryption keys via publicly available JS files, while several AWS S3 buckets containing personal data of workers and marine crew, invoices, and internal documents were left completely exposed to the public.
According to Cybernews, the exposed AWS S3 keys could let anyone gain access to all of the NLP infrastructure. This poses a grave danger of ransomware attacks, since threat actors could have used that access to encrypt critical information and make it inaccessible. Such an incident could have caused severe and far-reaching consequences for India’s trade and overall economy.
The first person to identify the leak was Bob Diachenko, CEO of SecurityDiscovery, who says that at the moment the exact consequences of the incident are hard to estimate. “The JS file should not contain hardcoded credentials in the first place and AWS S3 buckets with sensitive data should be private – especially when it is a governmental institution. It is also a huge reputational risk not only for that particular asset but for the entire country,” Diachenko explained.
NLP is a one-stop platform that was launched in January this year and is meant to manage logistics at India’s ports (customer management, fee payment, shipment tracking, etc.). The system is still under development and is intended to grow to include all modes of transportation, spanning waterways, road networks, and air travel. Its press release states that the platform aims to reduce regulatory complexities and push for paperless trade.
At the time of writing, the problem has been fixed.