【Watch I was dragged into prison by my ex】

The Watch I was dragged into prison by my exInternet of Things has shown us time and time again that nothing connected to the internet is safe from hackers, and yet we've mostly written off security-camera fueled botnets as someone else's problem.

But what if the thing in question happens to be a boat loaded with weapons?

A group of cybersecurity researchers is having a field day online with the discovery that the configuration of certain ships' satellite antenna systems leaves them wide open to attack — and the possible consequences are startling.

Anyone who gained access to the system in question, and was so inclined, could manually change a ship's GPS coordinates or possibly even brick the boat's navigation system entirely by uploading new firmware. And why would anyone want to do that?

"Next gen boat ransomware?," suggested the security researcher x0rz over Twitter direct message with Mashable. "Military special operations? Somalian pirates 2.0?"

This Tweet is currently unavailable. It might be loading or has been removed.

The recent revelation appears to have kicked off with the creation of a ship-tracking map, credited to Jeff Merrick, which shows the real-time locations of boats around the globe. The map is powered by data from Shodan, a search engine that lets users search for internet-connected devices and, according to x0rz, uses data from boats' very small aperture terminals (VSAT) to pinpoint their locations.

VSATs are common tech on yachts, and allow for internet access and communication even when boats are in movement. Interestingly, at least some boats with one type of VSAT, the SAILOR 900, have public IPv4 addresses without any firewall. And, you guessed it, Shodan makes it possible to search for this type of device.

Once located, data about the boat — such as its location — is readily available.

But here's where things get wild: The default login credentials, which are easily found online, remain unchanged on at least some of these devices (we're choosing not to publish those credentials for what we hope are obvious reasons) — allowing anyone to gain administrator-level access. Once in, x0rz confirmed to Mashable,a ship's GPS coordinates can be manually changed. What's more, an attacker could upload their own firmware and possibly brick the entire navigation system in the process.

"It's just badly configured," explained x0rz, "but just like as the rest of the Internet (banking, energy, corporate, ...)."

This Tweet is currently unavailable. It might be loading or has been removed.

With just a little googling, a person can determine a bit more about the vessel in question — like, for example, that it contains a "secure, sealed, climate-controlled armoury."

This Tweet is currently unavailable. It might be loading or has been removed.

This isn't the first time someone has called out Cobham, the UK company that manufactures the SAILOR 900, for potentially problematic security vulnerabilities. A 2014 security white paper from IOActive, a cybersecurity research team, dived into the SAILOR 900 and found that the "vulnerabilities in these terminals make attacks that disrupt or spoof information consumed by the on-board navigations systems, such as ECDIS, technically possible, since navigation charts can be updated in real time via satellite."

This Tweet is currently unavailable. It might be loading or has been removed.

So what does Cobham have to say about all of this? Pretty much what you'd expect.

"Our terminals, as is customary with most communications hardware, are delivered with default administrative credentials such as passwords which we strongly advise VSAT users change during technology installation and frequently afterwards in accordance with general password-best-practice processes," a company spokesperson told Mashablevia email. "We emphasize this in our training and throughout our installations manuals."

The spokesperson also noted that they could "quickly reset the password and regain control of the terminal in the instance of passwords being compromised, as was the case in this instance.”

How worried should we be?

Like so many things, the answer to whether or not we should be concerned about ships being hacked is: it depends. Importantly, x0rz pointed out that the number of boats easily accessible in the above-described manner is limited. However, he also noted that "one is enough to cause a catastrophic event, right?"

And if the boat in question is carrying hazardous material, weapons, or happens to be something other than a pleasure yacht? Well, then we may suddenly find ourselves taking these kind of vulnerabilities a lot more seriously.

This story has been updated to include a statement from Cobham.