Why Modern Yachts Vulnerable to Hacker Attacks
Manufacturers of modern marine vessels have not escaped the fashionable trend of connecting various components of ship’s infrastructure to the Internet. As a result, any modern yacht is equipped not only with navigation systems, but also with a host of other electronic devices that are connected into a common network by routers and switches.
As a result, yachts became as vulnerable as other devices that suddenly turned out to be connected to the Internet. The technologies that they use were developed before the advent of modern security standards and are not able to provide reliable protection.
In addition, the navigation equipment is not isolated from the network of infotainment devices, the Internet connection using VPN, so it`s no way protected – it can take a long time to list. Stephan Gerling of the ROSEN group of companies talked about some of these issues at the Security Analyst Summit 2018.
The on-board network of the yacht has a lot of connected devices – a ship traffic control system (VTS), an automatic identification system (AIS), autopilot, GPS receivers, radar, cameras (including infrared), a depth gauge, devices for controlling engines and monitoring their condition ( today some work through the cloud) and others, others, others.
This entire electronic team is networked using the NMEA (National Marine Electronics Association) bus. The newest version of this standard is called NMEA 2000 (or N2K). Interestingly, N2K is a close relative of the CAN bus, which is used in all modern cars.
Even if marine electronics is not connected to the Internet, it can still successfully can be attacked. The most common methods are blocking and spoofing a GPS signal, spoofing AIS identification, and so on. And this is no longer a theory: such attacks have occurred more than once.
When attacking, attackers modify information about the position and speed of the vessel – that is, data that the AIS collects and transmits, for example, to a port dispatcher to avoid collision with other ships. An attack on a GPS signal or an AIS connection is fraught with navigation problems up to a collision of vessels, which always leads to serious damage, and sometimes even to human casualties.
In addition to NMEA, there are other networks on modern yachts. For example, infotainment systems operating on a network using TCP / IP protocols, which we all use every day. The equipment operating in these networks is also quite standard: routers and switches, Wi-Fi access points, VoIP phones, smart TVs and so on – everything is like in a normal house or apartment.
But there is a nuance: unlike the home network, the infotainment network on board the yacht is connected to the NMEA bus using a special gateway. On the one hand, this is convenient for the owner of the yacht, because it allows you to control all ship’s ship systems from a smartphone or tablet, from lighting and window blinds to engines. Even autopilot can be controlled using a special wireless device. On the other hand, since the two networks are not isolated from each other, when an infotainment system is hacked, attackers can penetrate deeper into the NMEA network.
And infotainment networks, of course, have Internet access: via satellite, through channels for high-speed 4G / 3G / 2G data transfer or using Wi-Fi modules.
To demonstrate how vulnerable the yachts are, Gerling studied one of the solutions actually used in yachts to configure and control the Internet connection and local networks. To make it more convenient for the user, this solution supports remote control – through an application for Windows, iOS or Android. This is where the problem became known.
The fact is that every time the control application is opened on a tablet, mobile phone or computer, it connects to the router via FTP and downloads the XML file. This file contains the full configuration of the router, including hard-coded accounts, the SSID of the secure WiFi protection and the password for it in the form of unencrypted text.
Since the FTP protocol is unsafe, this data is easy to intercept, after which criminals get full control over the yacht’s router and its infotainment network.
In addition to this serious error, Gerling discovered a user account with administrator rights in the operating system of the router. It was left by the developers – probably for remote technical support.
What threatens the control of cybercriminals over the infotainment system? For example, by intercepting any traffic, including HTTP requests, audio (voice messages transmitted over the Internet) or video (data from a surveillance camera). And these are just flowers. Having such opportunities, you can not only begin to spy on those present on the yacht, but also hack any device on board if it can connect to Wi-Fi.
After Gerling informed the equipment manufacturer about all the problems detected, the network protocol was changed from FTP to a more reliable SSH. In addition, a new application and firmware for the router were developed. The updated software still contains hard-coded credentials, but the developers changed the password from “12345678” to a more reliable one. However, even after installing the fixes, an active administrator account remained in the router’s operating system.
In general, everything is pretty sad. And there is nothing to advise the owners and buyers of yachts. On-board infotainment systems, as a rule, are delivered as a turnkey solution with not so many options from which you can choose. It is unlikely that many owners of yachts will be engaged in the installation of equipment and network setup on their own. We can only recommend that you carefully choose the provider of infotainment system.
Gerling’s research shows that even very complex and expensive things — such as a yacht — can contain primitive, easily exploited vulnerabilities. Which someone can use, for example, to spy on the owner of the yacht and its guests. In other words, the whole world can find out what is happening on board your ship.
Considering how many influential and famous people buy or rent yachts, their manufacturers should approach safety issues much more carefully. In particular, to use the services of researchers and security testers even at the stage of system preparation, without waiting for a serious leak, in which the client has every right to blame the supplier.
Read Full Article Here – Why Modern Yachts Vulnerable to Hacker Attacks