Hackers demonstrate attack on superyacht IT systems
The Maritime Executive, 17 May 2017 and Cyber Arms/Fox News
July 7th 2017
The hacking of yachts is a very real threat for superyacht owners. These two accounts by different news outlets highlight different vulnerabilities in onboard systems.
The Maritime Executive, 17th May 2017
The recent worldwide ransomware attack on Windows-based computer systems has brought new awareness to the serious threat of hacking to corporate and government operations. For years, maritime agencies and industry groups have warned that this danger does not end at the water’s edge. Earlier this month, a cybercrime specialist working for the mobile device company demonstrated the vulnerabilities of a superyacht's IT systems, using a boat's WiFi connection to gain control of many vital functions – including navigation and the onboard CCTV.
“We had control of the satellite communications,” said Murray, speaking to the Guardian earlier this month. “We had control of the telephone system, the Wi-Fi, the navigation . . . And we could wipe the data to erase any evidence of what we had done.” Murray and his team gained access to the yacht's systems within 30 minutes.
The key vulnerability was the high-power WiFi router. "Owners like to have strong WiFi . . . But this means that the network extends quite far from the actual ship to other vessels and the shore," Murray said.
Murray demonstrated his team's results at the Superyacht Investor London conference, a gathering of yacht yards and yacht market lenders. Experts at the conference told the Guardian that hacking of yacht systems is a very real problem – especially for the collection of compromising photos of high-profile owners and guests. There are simpler vulnerabilities, too: if anyone on board discloses the ship's position by means of social media, extortionists can dispatch photographers to collect images from shore or from another vessel.
GPS spoofing presents another maritime cyber challenge – not just for yacht owners, but for merchant shipping as well. In 2013, college students and researchers from UT Austin managed to divert the yacht White Rose (ex-name White Rose of Drachs) with a spoofing device, without setting off alarms or raising the suspicions of the bridge team. When they transmitted a fake signal to the yacht's GPS antenna, the chart plotter on the bridge showed that the vessel had drifted "off course." The crew altered the yacht's heading to compensate. In actuality, they were turning the vessel off its intended course because their GPS showed a false, offset position.
Cyber Arms and Fox News
Flaws in the GPS system have been known for a while now, but when a security team took over a 210 foot super yacht by spoofing a GPS signal, more than a few eyebrows were raised.
Using about $3,000 worth of equipment, GPS expert Todd Humphreys and his security team from the University of Texas were able to take over the navigation system of a large ship in the Mediterranean.
“We injected our spoofing signals into its GPS antennas and we’re basically able to control its navigation system with our spoofing signals,” Humphreys told Fox News.
After spoofing the GPS guidance signal, Humphreys’ team took the ship through a series of turns and navigational changes that, if done by a real attacker, could have put the ship at great risk.
The ship's captain, Andrew Schofield, and his crew could not detect anything amiss.
“Professor Humphreys and his team did a number of attacks and basically we on the bridge were absolutely unaware of any difference,” Schofield said. “I was gobsmacked — but my entire deck team was similarly gobsmacked.”
This is very concerning as planes could also be attacked with similar techniques. A few months ago we talked about how plane controls could be attacked with SIMON and PlaneSploit.
GPS navigational security needs to be addressed and secured so this doesn’t happen in real life.