back to article Crappy IoT on the high seas: Holes punched in hull of maritime security

Years-old security issues mostly stamped out in enterprise technology remain in maritime environments, leaving ships vulnerable to hacking, tracking, and worse. A demo at the Infosecurity Europe conference in London by Ken Munro and Iian Lewis of Pen Test Partners (PTP) demonstrated multiple methods to interrupt and disrupt …

  1. trevorde Silver badge

    Not quite...

    Not quite IoT but still 5h17 :-(

    1. Anonymous Coward
      Anonymous Coward

      Re: Not quite...

      Internet of Titanics?

  2. Anonymous Coward
    Anonymous Coward

    mV^2

    What a ship cannot deliver by V^2 it can deliver by m. You would be surprised what 30K tons moving at 10 knots can do to anything if they hit it.

    1. Christoph

      Re: mV^2

      Now hack a ship in the Thames estuary and send it on a collision course with the Richard Montgomery

    2. T. F. M. Reader

      Re: mV^2

      You would be surprised what 30K tons moving at 10 knots can do to anything if they hit it.

      <pedantic>Actually, just half of what you think it can. </pedantic>

  3. Brian Miller

    220,000 tons IoT

    A ship is a thing. It has been connected to world + dog with all of the security of a $20 web cam.

    I'd read about these vulnerabilities years back, and silly me, I thought somebody had taken the problem seriously.

    Oh well.

  4. Pen-y-gors

    Good old days?

    Can we go back to the good old days, pre-IoT and google cars? I doubt anyone has worked out how to hack a horse and cart or the Flying Scotsman.

    1. GnuTzu

      Re: Good old days?

      You mean back when that movie, Hackers, featured a scheme to capsize ships if a ransom weren't paid?

    2. Chemist

      Re: Good old days?

      "worked out how to hack a horse "

      Although a certain type of horse is often termed a hack

      https://en.wikipedia.org/wiki/Hack_(horse)

    3. onefang

      Re: Good old days?

      It's easy to hack a horse, just feed it enough of what ever you are feeding the Scotsman to get him to fly.

  5. DropBear

    One can but hope Pen Test Partners won't be too pent-up about El Reg calling them so...

  6. Chris King

    IoT goes where sensible people fear to tread...

    ...and PTP will be there to break them !`

    I was at a conference the other week where PTP were presenting, and their guy broke out the Svakom Siime Eye as the last victim of the talk.

  7. Gnosis_Carmot

    Not just open sea navigation...

    I just watched a show which was looking at the world's biggest container freight ship and part of it's maiden voyage was through the Suez Canal. It had only a couple of feet to spare across the canal width. Imagine tampering with a ship like that as it's going through the canal - the canal would have damage and would have to be closed.

    1. Paul Johnston
      Mushroom

      Re: Not just open sea navigation...

      It's quite hard to do damage in a situation like this by just changing the vessels direction. The only way I could see to close the canal for more than a very short period of time would be to scuttle it in a way it was hard to refloat and that's quite hard. You would have to rip out a large section and as the Suez canal isn't hard lined, well it wasn't the last tome I went through it. You really need to look at taking out the locks on something to create long term damage. So if you see a vessel called HMS Campbeltown that's the time to worry!

    2. HarryBl

      Re: Not just open sea navigation...

      The easiest way to shut Suez is down is to refuse to give the pilot his carton of Marlboro :-)

      1. Paul Johnston

        Re: Not just open sea navigation...

        Or sinking the bumboats!

  8. devjoe

    Plain text rudder commands is not a problem in itself

    I think the example with modifying rudder commands is a cheap shot. Modifying rudder commands sent over the NMEA0183 network is not really a problem in itself. These networks are intended to be physically secure, just like any old analog control cable for your rudder or engine would be.

    Sure, if someone modifies a signal on a control cable (or pours water in your diesel tank or throws a wrench in your cooling pump), that will have consequences. But these low-level control networks were never intended to be more than a "sophisticated control cable". And that's what they are - so they use plain text commands and that is not a problem.

    If you plug your NMEA network onto the internet, you are in as much trouble as if you gave direct public access to any other older control cable. But this is not a problem with the NMEA technology in itself. Just like most other control connections, it was not intended to be internet connected.

    And that's of course the problem; putting insecure devices on two separate networks that were never intended to be near one another; the public internet *and* your NMEA network.

    1. Dodgy Geezer Silver badge

      Re: Plain text rudder commands is not a problem in itself

      The crew has to do something during the months it takes to between China and Europe and back again.

      I would be amazed if they didn't have lots of video games on board. And I guess they would plug into the ship's network to gain internet access and play multi-user games.

      And so I wouldn't be surprised to find that you could connect over a gaming link to a ship on the high seas, and from there into the rest of the network. I don't suppose the Filipino crew and officers have ever had any maritime IT Security training....

      1. HarryBl

        Re: Plain text rudder commands is not a problem in itself

        Yes of course a shipowner is going to pay for the necessary bandwidth over an expensive satellite link so the crew can indulge in a bit of gaming...

        1. Paul Crawford Silver badge

          Re: Plain text rudder commands is not a problem in itself

          Maybe if insurance companies start to take notice of this sort of shit then maybe the shipowner might be forced in to using network segregation and a decent VPN for ship-related access?

      2. phuzz Silver badge

        Re: Plain text rudder commands is not a problem in itself

        From a relative of mine who works offshore, yes, they often have consoles set up for gaming. There's also often a thriving film/tv piracy scene going on, where crew members swap videos back and forth to keep themselves occupied.

        As for internet access, it depends. Usually these days they get enough for text based communications, and the odd picture. Some of the really fancy new boats have enough bandwidth to do VoIP (with a huge and almost unusable latency). For online gaming though you're pretty much limited to play-by-email.

        I assume ships in places like the Channel can probably pick up on-shore mobile networks and get 3/4G coverage though.

  9. John Jennings

    this is why dickking around with colregs is a bad idea.....https://www.theregister.co.uk/2018/05/25/imo_robot_shipping/

  10. The answer is 42
    Facepalm

    Nothing new...

    About 10 years ago the family were on a cruise on Costa Victoria. I "won" a prize of a tour of the off-limits areas. The engine room was running off a pc running XP with a memory stick plugged in. How bad can it get?

    1. Mark 85

      Re: Nothing new...

      If that's all the computer was connected to, it would be ok. If connected to the system and then that's connected to any type of internet connection... very bad.

  11. Christoph

    "an attacker could change the rudder command by modifying a GPS autopilot command "

    Set command to "Left hand down a bit".

    1. JassMan

      @Christoph

      Yep. Sounds like a godsend for Somali pirates. Why chase down a ship in a tiny speedboat with people spraying water (and sometimes bullets) when you can take over steering control and sail the ship onto your nearest beach.

      That's never going happen right? Its got CRC protection. Ha ha. Might as well have used ROT13.

      1. Ben Bonsall

        Re: @Christoph

        CRC is for checking that noise hasn't changed the signal, it's not intended as security.

        Like double entry bookkeeping, it is intended to prevent errors, not someone adding a fraudulent transaction...

  12. DanceMan
    FAIL

    Given how ship owners register in the the cheapest no-standards countries they can find, and use the cheapest labour they can, why should this surprise anyone.

  13. Nimby
    Unhappy

    The sad part of this story is ... not the story.

    The only part of this I find amazing/surprising/whatever (Not quite sure what the right word for "is a thing, but really is in no way surprising because the world is chronically depressing in this manner" is.) is how often researchers "discover" things that have already been reported dozens of times in the past. Is doing a Google search not a part of the research procedure?

    Also somewhat disappointed in the IoT buzzword usage, as if routers (from long before IoT) did not commonly have the same problem (and still do!) and if not nearly every PC before then also had the same problem (have you looked at the sticky note on the monitor or under the keyboard) ... up to the point when computers had any form of security at all. Nothing new under the sun.

    Heck, I would not be surprised to find some ships today still relying on a C=64 for some reason.

  14. drand

    Stay away from the South China Sea

    It's almost the plot of Tomorrow Never Dies (different method, same outcome)! Frightening but not surprising.

  15. Thomassmart

    Cybersec shwibersec

    I'm currently in this industry, can confirm cybersec is a complete joke. Half the owners don't even know what they have on the vessel that's connected. I've seen automatic software updates (that were enabled) completely brick a device that left the ship stuck in Port for 2 weeks (costing a small fortune to do so and in lost revenue). That these ships aren't being pwnd and crashed into harbours on a daily basis still amazes me and it's probably one of the reasons they are not doing much about it yet....

  16. Locky

    This does sound very familiar

    Isn't this a combination of Die Hard 2 and Speed 2?

    Someone call Willis and Bullock to sort it out

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like