Reply to post: Plain text rudder commands is not a problem in itself

Crappy IoT on the high seas: Holes punched in hull of maritime security

devjoe

Plain text rudder commands is not a problem in itself

I think the example with modifying rudder commands is a cheap shot. Modifying rudder commands sent over the NMEA0183 network is not really a problem in itself. These networks are intended to be physically secure, just like any old analog control cable for your rudder or engine would be.

Sure, if someone modifies a signal on a control cable (or pours water in your diesel tank or throws a wrench in your cooling pump), that will have consequences. But these low-level control networks were never intended to be more than a "sophisticated control cable". And that's what they are - so they use plain text commands and that is not a problem.

If you plug your NMEA network onto the internet, you are in as much trouble as if you gave direct public access to any other older control cable. But this is not a problem with the NMEA technology in itself. Just like most other control connections, it was not intended to be internet connected.

And that's of course the problem; putting insecure devices on two separate networks that were never intended to be near one another; the public internet *and* your NMEA network.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019