Hacking Superyachts. Advice for captains

2019-04-01T13:31:15
ID PENTESTPARTNERS:4599FE395AEA942F1650F4A831514DC0
Type pentestpartners
Reporter Tony Gee
Modified 2019-04-01T13:31:15

Description

I’ve blogged already about how superyachts are the homes, the offices, the play areas for their owners. However, they are also the charge of the captains and the homes of the crew; most owners simply see themselves as guests on the captain’s yacht. So what do you, the captain and crew, need to think about?

Navigating the high seas

We know we can locate the yacht in real time with AIS and can compromise the Satcom, but what about your navigation? You will be using an Electronic Chart Display and Information System (ECDIS) to navigate your yacht, and this relies on your GPS systems to accurately pinpoint your location. All good so far. However, running separate cabling around the yacht is costly and ineffective, so what most integrators will do is use serial to IP converters to carry signals from your GPS over a normal network. Sounds great, right… Wrong. This network is the same network that the owner’s VOIP calls are being made on, the same network that their connected lighting or smart TV is on. It’s the same network the crew connect their laptops and tablets to on rest days. Can you be sure all of the devices are secure?

Hacked VOIP…hacked ECDIS?

So why is this an issue for you? If I can compromise your owner’s always-on VOIP service and use that as a doorway on to the ship, what is to stop me impacting critical services such as ECDIS? Most yachts will have a server rack where all the key services are stored. These will include firewalls, network switches, VOIP, connected audio, WiFi, etc. Network cables then run to the key services like your GPS antenna and the ECDIS. Attached to these will be serial to IP converters. These are little magic boxes that convert the data from the GPS antenna to data that can travel over a normal network. There will be another one to convert it back to something your ECDIS will understand. These are simple to compromise, allowing me to confuse your ECDIS. What if I can tell you your ship is 10 miles from where you think you are? No big deal, right? You can look out the window and use your paper maps… you do still have paper maps, don’t you?
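A defensive cross-check for the position feed described above, as an added example that is not from the original post. It assumes the GPS data carried by the converters is NMEA 0183 `GGA` sentences (the post does not name the format); the speed limit and all sample fixes are constructed.

```python
import math
from functools import reduce

MAX_KNOTS = 40.0  # assumed top speed of this vessel; set per yacht
def checksum(body):  # NMEA 0183: XOR of every byte between '$' and '*'
    return f"{reduce(lambda a, b: a ^ b, body.encode('ascii'), 0):02X}"
def nmea(body):  # builds the constructed sample sentences below
    return f"${body}*{checksum(body)}"

def parse_gga(sentence):
    """Return (seconds_of_day, lat, lon), or None if malformed or checksum fails."""
    body, sep, given = sentence.strip()[1:].partition("*")
    if not sentence.startswith("$") or not sep or checksum(body) != given.upper():
        return None
    f = body.split(",")
    if not f[0].endswith("GGA"):
        return None
    try:
        secs = int(f[1][:2]) * 3600 + int(f[1][2:4]) * 60 + float(f[1][4:])
        lat = int(f[2][:2]) + float(f[2][2:]) / 60
        lon = int(f[4][:3]) + float(f[4][3:]) / 60
        return secs, (-lat if f[3] == "S" else lat), (-lon if f[5] == "W" else lon)
    except (ValueError, IndexError):
        return None

def knots(prev, cur):
    """Speed implied by two fixes, using haversine distance in nautical miles."""
    la1, lo1, la2, lo2 = map(math.radians, (*prev[1:], *cur[1:]))
    h = math.sin((la2 - la1) / 2) ** 2 + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2
    return 2 * 3440.065 * math.asin(math.sqrt(h)) / ((cur[0] - prev[0]) / 3600)

def audit_fixes(sentences):
    """Return [(index, reason)] for sentences failing integrity or plausibility."""
    alerts, last = [], None
    for i, s in enumerate(sentences):
        fix = parse_gga(s)
        if fix is None:
            alerts.append((i, "bad checksum or malformed"))
        elif last and fix[0] > last[0] and knots(last, fix) > MAX_KNOTS:
            alerts.append((i, f"implausible jump: {knots(last, fix):.0f} kn"))
        else:
            last = fix  # only trusted fixes become the reference
    return alerts

# Constructed GGA fixes at a made-up position; the third lies ~10 nm north of the second.
SAMPLE = [nmea(f"GPGGA,{t},{lat},N,00715.000,E,1,08,0.9,5.0,M,47.0,M,,")
          for t, lat in [("120000.00", "4330.000"), ("120010.00", "4330.030"),
                         ("120020.00", "4340.060"), ("120030.00", "4330.090")]]
SAMPLE[3] = SAMPLE[3].replace("4330.090", "4331.090")  # altered in transit, checksum stale
```

The NMEA checksum only catches corruption, since anyone able to rewrite a sentence can recompute it, so the speed test is what flags a consistent but false position. A slow drift stays under the limit, which is why an independent position source still matters.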

Separation

Obviously compromising your ECDIS like this is a significant issue, so most system integrators will implement separation. The server rack will implement technology to separate network traffic so that the networks can’t cross over. Your crew/client WiFi won’t be able to access your ECDIS, the owner’s voice conferencing service won’t see your AIS traffic… In theory… We have lost count of the number of times we have found installers rushing to get a job done and just ‘make it work’ in the shortest possible time. This leads to the wrong kit plugged in to the wrong networks and your owner’s hacked devices accessing your navigation systems. Can you be certain that separation has been implemented securely and correctly?

Floating industrial control systems

As yachts get ever larger and more complex, the systems you use to pilot them get ever more complex too. You aren’t starting the motor by hand and physically moving the rudder; this is performed by industrial control systems (ICS) that take your inputs and provide an action at the component being controlled. How is that happening? Through the onboard networks. Your autopilot systems will interact between your ECDIS and this ICS network. But remember I can control your ECDIS… How will your autopilot fare if it doesn’t accurately know where you are?

Crew/Client challenges

Your crew didn’t use to carry much technology. Then the smartphone was invented, and now your crew need to charge devices, connect to WiFi, video call their family and can upload your exact coordinates to Facebook and Twitter, all using the technology on board that ensures the yacht runs smoothly and the owner makes the best use of their investment. Do you know if their devices are running up to date operating systems, free from malware and bandwidth restricted? We have seen staff in the aviation industry and the maritime industry connecting their phones to safety critical systems just to charge them!

When you consider your clients, if you are a charter captain you might not know who the clients and their guests are. Could they be tampering with systems or installing rogue systems to compromise future clients? It’s really important to understand what ‘normal’ looks like and periodically check systems for ‘abnormal’ devices, otherwise you could allow an attacker to impact your yacht.

Technology support…erm…

The yacht will have all the technology provided by a system integrator, who will likely also provide support should you need it. There are rarely centralised security controls in place; it’s likely to be just you and a remote support organisation. Sure, they should be able to connect over the satcom to fix issues, but the support contract you have may not prioritise security, and even if it does, some tasks such as keeping systems up to date will really only be possible when at a dock and may impact the service while updating. The problem is that the devices need updating in the same way your phone does to fix security issues. Do you allow time for this to happen? What about the passwords for all the systems? Who is responsible for setting these securely? Or have you just gone with the default? We have shown how easily these can be compromised over satellite links.

Tactical advice

  • Contact your support team and verify what support you have and ensure maintenance windows for updates are allowed
  • Change default passwords for ALL systems
  • Ensure your service provider adequately implements separate networks for smart or IoT kit and the networks running safety critical systems
  • Test onboard systems for issues
  • Regularly audit charter yachts for rogue systems
  • Train your crew on good security practices such as where they can charge their devices and what they can do with them when on the yacht
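
One way to run the separation and rogue-system checks from the list above is to compare what is on the network against a recorded known-good baseline. This is an added example, not from the original post; the segment names, subnets, MAC addresses and device labels are all constructed assumptions.

```python
import ipaddress

# Assumed segment plan (constructed); use the integrator's documented design instead.
SEGMENTS = {
    "navigation": ipaddress.ip_network("10.10.1.0/24"),
    "owner": ipaddress.ip_network("10.10.20.0/24"),
    "crew": ipaddress.ip_network("10.10.30.0/24"),
}
SAFETY_CRITICAL = {"navigation"}
ORDER = ("CRITICAL", "WARN", "INFO")

# Constructed known-good baseline: MAC -> (label, expected segment).
BASELINE = {
    "02:00:00:aa:00:01": ("ECDIS workstation", "navigation"),
    "02:00:00:aa:00:02": ("GPS serial-to-IP converter", "navigation"),
    "02:00:00:bb:00:01": ("VOIP base station", "owner"),
    "02:00:00:cc:00:01": ("Crew mess smart TV", "crew"),
}

def segment_of(ip):
    """Map an observed IP to a planned segment, or 'unplanned' if none matches."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), "unplanned")

def audit_devices(observed):
    """observed: iterable of (mac, ip). Returns (severity, mac, message), worst first."""
    findings, seen = [], set()
    for mac, ip in observed:
        mac, seg = mac.lower(), segment_of(ip)
        seen.add(mac)
        label, expected = BASELINE.get(mac, (None, None))
        sev = "CRITICAL" if SAFETY_CRITICAL & {seg, expected} else "WARN"
        if expected is None:
            findings.append((sev, mac, f"unknown device on {seg} ({ip})"))
        elif expected != seg:
            findings.append((sev, mac, f"{label} expected on {expected}, seen on {seg}"))
    for mac in BASELINE.keys() - seen:
        findings.append(("INFO", mac, f"{BASELINE[mac][0]} not seen"))
    return sorted(findings, key=lambda f: (ORDER.index(f[0]), f[1]))

# Constructed observation, e.g. exported from switch MAC/ARP tables during an audit.
OBSERVED = [
    ("02:00:00:AA:00:01", "10.10.1.10"),
    ("02:00:00:aa:00:02", "10.10.1.11"),
    ("02:00:00:bb:00:01", "10.10.1.50"),   # owner VOIP kit patched into navigation
    ("02:00:00:ff:00:99", "10.10.30.77"),  # device nobody recorded, on the crew network
]
```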
