SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
19 Mar 2018

Modern yacht hacking

Manufacturers of modern vessels didn’t escape the common trend of connecting various parts of their ships to the Internet.

As a result, any modern yacht now contains not only navigation systems, but also a pack of IoT devices with routers and switches — regardless of whether they’re really necessary.

As a result, yachts have the same security problems as other devices that suddenly became Internet-friendly: Technologies developed before modern security standards, navigation and infotainment systems connected to the same network, unprotected Internet connections on board, and more. Stephan Gerling of the ROSEN Group reported some of these problems during the Security Analyst Summit 2018 conference.

A yacht’s onboard network may include a lot of things — a vessel traffic service (VTS) device, automatic identification system (AIS), autopilot, GPS receivers, radar, cameras (including thermal), depth sounders, engine control and monitoring (some are cloud based now), and more. All of these electronics are connected to a network through a bus based on National Marine Electronics Association (NMEA) plug-and-play standards. The newest of these standards is NMEA 2000 (or N2K). Curiously, it’s related to the CAN bus used in road vehicles.

Even when electronic marine tools are not connected to the Internet, they can fall prey to some known vectors of attack: GPS jamming, GPS spoofing, AIS spoofing, and so on. Such attacks are not just theoretical; some have already happened. In attacks of this kind, malefactors alter information about a ship’s position and speed — data collected by AIS and transmitted, for example, to a harbor master to avoid collisions. Attacks on a GPS signal or AIS connection can cause navigation problems and even lead to collisions with other vessels, with serious damage and even human casualties.

In addition to NMEA, modern yachts have other networks on board. Infotainment networks are based on the TCP/IP protocol, which we use every day and includes the connected devices we know well: routers and switches, Wi-Fi access points, VoIP phones, smart TVs, and so on.

The issue here is that NMEA and TCP/IP networks are connected through a gateway. On the one hand, that means a yacht’s owner can remotely control and monitor the vessel’s systems, from lights or curtains to an engine, from his/her smartphone or tablet. Even the autopilot can be controlled by special wireless device. On the other hand, that means that these two networks are not isolated, and if an infotainment network is hacked, it is possible to hack deeper — into the NMEA network.

Of course, infotainment networks get Internet access through satellite, high power 4G/3G/2G, and Wi-Fi modules. To demonstrate how insecure a boat’s network can be, Gerling brought aboard one available solution to set up and control the Internet connection and local networks. For the user’s convenience, the solution can be remotely controlled (by software for Windows, iOS, or Android), and that is where problems start.

For example, every time the control app is opened on a tablet, mobile phone, or computer, it makes an FTP connection to the router and downloads an XML file. This file contains the complete router configuration, including hardcoded router credentials and Wi-Fi SSID and password in clear text. Thanks to the insecure FTP protocol, this data is easy to intercept, meaning that criminals can take full control over a yacht’s router and infotainment network. In addition, Gerling found a user account with root rights in the router OS that was left by developers, probably for a remote technical support.

What can a cybercriminal do after taking control of an infotainment system? Well, for example, intercept traffic including HTTP requests, audio (VoIP) and video (surveillance) streaming, and more. It’s a good start not only for espionage, but also for attacking every device on board that has a Wi-Fi connection.

After Gerling reported all discovered issues to the vendor, the network protocol was changed from FTP to SSH, and new app and router firmware versions were developed. The patched software does still contain hardcoded credentials — developers just changed the password from “12345678” to a more complicated one. And the developer’s root account still remains in the router’s operating system, even after the patch.

Looking at the situation as a whole, we do not have many tips for yacht owners. Onboard infotainment systems are not usually a DIY setup of routers and cables but instead are delivered as a complete solution with limited options. And it’s unlikely many yacht owners will install and adjust their own systems. In a nutshell, all we can recommend is to choose your infotainment solution’s manufacturer wisely.

That said, the research shows even complicated and expensive solutions may contain primitive, easily exploitable flaws that can be used for espionage on a yacht’s owner and guests. What happens on board won’t stay on board, in other words. Taking into consideration how many high-profile victims own or rent a vessel, manufacturers should pay much more attention to security — and proactively involve experts and pentesters — not simply wait for serious leaks, for which they will be rightly blamed.

From an IT-security perspective, a connected yacht is very similar to a connected car, so similar methods can be used for protection: for example, implementing a gateway that secures the data exchange between the components of an onboard computer system.

Tags:
hackers information leaks
Source:
Kaspersky Daily
1795
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015