Manufacturers of modern vessels didn\u2019t escape the common trend of connecting various parts of their ships to the Internet. As a result, any modern yacht now contains not only navigation systems, but also a pack of IoT devices with routers and switches \u2014 regardless of whether they\u2019re really necessary.<\/p>\n
As a result, yachts have the same security problems as other devices that suddenly<\/em> became Internet-friendly: Technologies developed before modern security standards, navigation and infotainment systems connected to the same network, unprotected Internet connections on board, and more. Stephan Gerling of the ROSEN Group reported some of these problems during the Security Analyst Summit 2018<\/a> conference.<\/p>\n A yacht\u2019s onboard network may include a lot of things<\/a> \u2014 a vessel traffic service (VTS) device, automatic identification system (AIS), autopilot, GPS receivers, radar, cameras (including thermal), depth sounders, engine control and monitoring (some are cloud based now), and more. All of these electronics are connected to a network through a bus based on National Marine Electronics Association (NMEA) plug-and-play standards. The newest of these standards is NMEA 2000 (or N2K). Curiously, it\u2019s related to the CAN bus used in road vehicles.<\/p>\n Even when electronic marine tools are not connected to the Internet, they can fall prey to some known vectors of attack: GPS jamming, GPS spoofing, AIS spoofing, and so on. Such attacks are not just theoretical; some have already happened<\/a>. In attacks of this kind, malefactors alter information about a ship\u2019s position and speed \u2014 data collected by AIS and transmitted, for example, to a harbor master to avoid collisions. Attacks on a GPS signal or AIS connection can cause navigation problems and even lead to collisions with other vessels, with serious damage and even human casualties.<\/p>\n In addition to NMEA, modern yachts have other networks on board. Infotainment networks are based on the TCP\/IP protocol, which we use every day and includes the connected devices we know well: routers and switches, Wi-Fi<\/a> access points, VoIP phones, smart TVs, and so on.<\/p>\n The issue here is that NMEA and TCP\/IP networks are connected through a gateway. On the one hand, that means a yacht\u2019s owner can remotely control and monitor the vessel\u2019s systems, from lights or curtains to an engine, from his\/her smartphone or tablet. Even the autopilot can be controlled by special wireless device. On the other hand, that means that these two networks are not isolated, and if an infotainment network is hacked<\/a>, it is possible to hack deeper \u2014 into the NMEA network.<\/p>\n Of course, infotainment networks get Internet access through satellite, high power 4G\/3G\/2G, and Wi-Fi modules.<\/p>\n To demonstrate how insecure a boat\u2019s network can be, Gerling brought aboard one available solution to set up and control the Internet connection and local networks. For the user\u2019s convenience, the solution can be remotely controlled (by software for Windows, iOS, or Android), and that is where problems start.<\/p>\n For example, every time the control app is opened on a tablet, mobile phone, or computer, it makes an FTP connection to the router and downloads an XML file. This file contains the complete router configuration, including hardcoded router credentials and Wi-Fi SSID and password in clear text. Thanks to the insecure FTP protocol, this data is easy to intercept, meaning that criminals can take full control over a yacht\u2019s router and infotainment network. In addition, Gerling found a user account with root rights in the router OS that was left by developers, probably for a remote technical support.<\/p>\n What can a cybercriminal do after taking control of an infotainment system? Well, for example, intercept traffic including HTTP requests, audio (VoIP) and video (surveillance) streaming, and more. It\u2019s a good start not only for espionage, but also for attacking every device on board that has a Wi-Fi connection.<\/p>\n After Gerling reported all discovered issues to the vendor, the network protocol was changed from FTP to SSH, and new app and router firmware versions were developed. The patched software does still contain hardcoded credentials \u2014 developers just changed the password from \u201c12345678\u201d to a more complicated one. And the developer\u2019s root account still remains in the router\u2019s operating system, even after the patch.<\/p>\n Looking at the situation as a whole, we do not have many tips for yacht owners. Onboard infotainment systems are not usually a DIY setup of routers and cables but instead are delivered as a complete solution with limited options. And it\u2019s unlikely many yacht owners will install and adjust their own systems. In a nutshell, all we can recommend is to choose your infotainment solution\u2019s manufacturer wisely.<\/p>\n That said, the research shows even complicated and expensive solutions may contain primitive, easily exploitable flaws that can be used for espionage on a yacht\u2019s owner and guests. What happens on board won\u2019t stay on board, in other words. Taking into consideration how many high-profile victims own or rent a vessel, manufacturers should pay much more attention to security \u2014 and proactively involve experts and pentesters \u2014 not simply wait for serious leaks, for which they will be rightly blamed.<\/p>\n From an IT-security perspective, a connected yacht is very similar to a connected car, so similar methods can be used for protection: for example, implementing a gateway that secures the data exchange between the components of an onboard computer system. One such option would be a device powered by our Kaspersky OS<\/a>, which we are developing for car manufacturers.<\/p>\n