back to article Crappy IoT on the high seas: Holes punched in hull of maritime security

Years-old security issues mostly stamped out in enterprise technology remain in maritime environments, leaving ships vulnerable to hacking, tracking, and worse. A demo at the Infosecurity Europe conference in London by Ken Munro and Iian Lewis of Pen Test Partners (PTP) demonstrated multiple methods to interrupt and disrupt …

Not quite...

Not quite IoT but still 5h17 :-(

6
0

Re: Not quite...

Internet of Titanics?

20
0
Anonymous Coward

mV^2

What a ship cannot deliver by V^2 it can deliver by m. You would be surprised what 30K tons moving at 10 knots can do to anything if they hit it.

13
0
Silver badge

Re: mV^2

Now hack a ship in the Thames estuary and send it on a collision course with the Richard Montgomery

2
0

Re: mV^2

You would be surprised what 30K tons moving at 10 knots can do to anything if they hit it.

<pedantic>Actually, just half of what you think it can. </pedantic>

1
0
Silver badge

220,000 tons IoT

A ship is a thing. It has been connected to world + dog with all of the security of a $20 web cam.

I'd read about these vulnerabilities years back, and silly me, I thought somebody had taken the problem seriously.

Oh well.

25
0
Silver badge

Good old days?

Can we go back to the good old days, pre-IoT and google cars? I doubt anyone has worked out how to hack a horse and cart or the Flying Scotsman.

8
0

Re: Good old days?

You mean back when that movie, Hackers, featured a scheme to capsize ships if a ransom weren't paid?

6
0
Silver badge

Re: Good old days?

"worked out how to hack a horse "

Although a certain type of horse is often termed a hack

https://en.wikipedia.org/wiki/Hack_(horse)

6
0

Re: Good old days?

It's easy to hack a horse, just feed it enough of what ever you are feeding the Scotsman to get him to fly.

6
0
Silver badge

One can but hope Pen Test Partners won't be too pent-up about El Reg calling them so...

1
0
Silver badge

IoT goes where sensible people fear to tread...

...and PTP will be there to break them !`

I was at a conference the other week where PTP were presenting, and their guy broke out the Svakom Siime Eye as the last victim of the talk.

2
0

Not just open sea navigation...

I just watched a show which was looking at the world's biggest container freight ship and part of it's maiden voyage was through the Suez Canal. It had only a couple of feet to spare across the canal width. Imagine tampering with a ship like that as it's going through the canal - the canal would have damage and would have to be closed.

4
0
Mushroom

Re: Not just open sea navigation...

It's quite hard to do damage in a situation like this by just changing the vessels direction. The only way I could see to close the canal for more than a very short period of time would be to scuttle it in a way it was hard to refloat and that's quite hard. You would have to rip out a large section and as the Suez canal isn't hard lined, well it wasn't the last tome I went through it. You really need to look at taking out the locks on something to create long term damage. So if you see a vessel called HMS Campbeltown that's the time to worry!

8
0

Re: Not just open sea navigation...

The easiest way to shut Suez is down is to refuse to give the pilot his carton of Marlboro :-)

9
0

Re: Not just open sea navigation...

Or sinking the bumboats!

1
0

Plain text rudder commands is not a problem in itself

I think the example with modifying rudder commands is a cheap shot. Modifying rudder commands sent over the NMEA0183 network is not really a problem in itself. These networks are intended to be physically secure, just like any old analog control cable for your rudder or engine would be.

Sure, if someone modifies a signal on a control cable (or pours water in your diesel tank or throws a wrench in your cooling pump), that will have consequences. But these low-level control networks were never intended to be more than a "sophisticated control cable". And that's what they are - so they use plain text commands and that is not a problem.

If you plug your NMEA network onto the internet, you are in as much trouble as if you gave direct public access to any other older control cable. But this is not a problem with the NMEA technology in itself. Just like most other control connections, it was not intended to be internet connected.

And that's of course the problem; putting insecure devices on two separate networks that were never intended to be near one another; the public internet *and* your NMEA network.

12
0
Silver badge

Re: Plain text rudder commands is not a problem in itself

The crew has to do something during the months it takes to between China and Europe and back again.

I would be amazed if they didn't have lots of video games on board. And I guess they would plug into the ship's network to gain internet access and play multi-user games.

And so I wouldn't be surprised to find that you could connect over a gaming link to a ship on the high seas, and from there into the rest of the network. I don't suppose the Filipino crew and officers have ever had any maritime IT Security training....

3
0

Re: Plain text rudder commands is not a problem in itself

Yes of course a shipowner is going to pay for the necessary bandwidth over an expensive satellite link so the crew can indulge in a bit of gaming...

2
2
Silver badge

Re: Plain text rudder commands is not a problem in itself

Maybe if insurance companies start to take notice of this sort of shit then maybe the shipowner might be forced in to using network segregation and a decent VPN for ship-related access?

3
0
Silver badge

Re: Plain text rudder commands is not a problem in itself

From a relative of mine who works offshore, yes, they often have consoles set up for gaming. There's also often a thriving film/tv piracy scene going on, where crew members swap videos back and forth to keep themselves occupied.

As for internet access, it depends. Usually these days they get enough for text based communications, and the odd picture. Some of the really fancy new boats have enough bandwidth to do VoIP (with a huge and almost unusable latency). For online gaming though you're pretty much limited to play-by-email.

I assume ships in places like the Channel can probably pick up on-shore mobile networks and get 3/4G coverage though.

1
0

this is why dickking around with colregs is a bad idea.....https://www.theregister.co.uk/2018/05/25/imo_robot_shipping/

0
0
Facepalm

Nothing new...

About 10 years ago the family were on a cruise on Costa Victoria. I "won" a prize of a tour of the off-limits areas. The engine room was running off a pc running XP with a memory stick plugged in. How bad can it get?

4
0
Silver badge

Re: Nothing new...

If that's all the computer was connected to, it would be ok. If connected to the system and then that's connected to any type of internet connection... very bad.

2
1
Silver badge

"an attacker could change the rudder command by modifying a GPS autopilot command "

Set command to "Left hand down a bit".

8
0
Silver badge

@Christoph

Yep. Sounds like a godsend for Somali pirates. Why chase down a ship in a tiny speedboat with people spraying water (and sometimes bullets) when you can take over steering control and sail the ship onto your nearest beach.

That's never going happen right? Its got CRC protection. Ha ha. Might as well have used ROT13.

2
0

Re: @Christoph

CRC is for checking that noise hasn't changed the signal, it's not intended as security.

Like double entry bookkeeping, it is intended to prevent errors, not someone adding a fraudulent transaction...

1
0
FAIL

Given how ship owners register in the the cheapest no-standards countries they can find, and use the cheapest labour they can, why should this surprise anyone.

5
0
Bronze badge
Unhappy

The sad part of this story is ... not the story.

The only part of this I find amazing/surprising/whatever (Not quite sure what the right word for "is a thing, but really is in no way surprising because the world is chronically depressing in this manner" is.) is how often researchers "discover" things that have already been reported dozens of times in the past. Is doing a Google search not a part of the research procedure?

Also somewhat disappointed in the IoT buzzword usage, as if routers (from long before IoT) did not commonly have the same problem (and still do!) and if not nearly every PC before then also had the same problem (have you looked at the sticky note on the monitor or under the keyboard) ... up to the point when computers had any form of security at all. Nothing new under the sun.

Heck, I would not be surprised to find some ships today still relying on a C=64 for some reason.

2
0

Stay away from the South China Sea

It's almost the plot of Tomorrow Never Dies (different method, same outcome)! Frightening but not surprising.

1
0

Cybersec shwibersec

I'm currently in this industry, can confirm cybersec is a complete joke. Half the owners don't even know what they have on the vessel that's connected. I've seen automatic software updates (that were enabled) completely brick a device that left the ship stuck in Port for 2 weeks (costing a small fortune to do so and in lost revenue). That these ships aren't being pwnd and crashed into harbours on a daily basis still amazes me and it's probably one of the reasons they are not doing much about it yet....

1
0

This does sound very familiar

Isn't this a combination of Die Hard 2 and Speed 2?

Someone call Willis and Bullock to sort it out

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018