posted by clemaneuverers

Tests Show Ease of Hacking ECDIS, Radar and Machinery

Security company Naval Dome has demonstrated what it says is the maritime industry’s nightmare security scenario with a series of cyber penetration tests on systems in common use on board tankers, container ships, super yachts and cruise ships.

The tests demonstrated the ease with which hackers can access and over-ride ship critical systems.

With the permission and under the supervision of system manufacturers and owners, Naval Dome’s cyber engineering team hacked into live, in-operation systems used to control a ship’s navigation, radar, engines, pumps and machinery.

While the test ships and their systems were not in any danger, Naval Dome was able to shift the vessel’s reported position and mislead the radar display. Another attack resulted in machinery being disabled, signals to fuel and ballast pumps being over-ridden and steering gear controls manipulated.

Commenting on the first wave of penetration tests, on the ship’s Electronic Chart Display and Information System (ECDIS), Asaf Shefi, Naval Dome's CTO, the former Head of the Israeli Naval C4I and Cyber Defense Unit, said: "We succeeded in penetrating the system simply by sending an email to the Captain's computer.

“We designed the attack to alter the vessel’s position at a critical point during an intended voyage - during night-time passage through a narrow canal. During the attack, the system's display looked normal, but it was deceiving the Officer of the Watch. The actual situation was completely different to the one on screen. If the vessel had been operational, it would have almost certainly run aground.”

According to Shefi, the Naval Dome hack was able to alter draft/water depth details in line with the spurious position data displayed on screen.

“The vessel's crucial parameters - position, heading, depth and speed - were manipulated in a way that the navigation picture made sense and did not arouse suspicion,” he said. "This type of attack can easily penetrate the antivirus and firewalls typically used in the maritime sector.”

Shefi said: "The Captain's computer is regularly connected to the internet through a satellite link, which is used for chart updates and for general logistic updates. Our attacking file was transferred to the ECDIS in the first chart update. The penetration route was not too complicated: the attacking file identified the Disk-On-Key use for update and installed itself. So once the officer had updated the ECDIS, our attack file immediately installed itself on to the system.”

https://securityledger.com/2018/06/container-ships-easy-to-hack-track-send-off-course-and-even-sink-security-experts-say/

One reason it’s so easy to hijack the satellite communications of a ship and take admin rights on the on-board terminal is that many terminals are available on the public Internet and have default credentials “admin/1234” or “admin/12345,” which are obviously quite common and easy to guess, Munro said.

The PTP team also managed to hack a ship’s satcom terminal hardware, which had admin interfaces over telnet and HTTP and, upon closer inspection, unsigned firmware, he said.

Moreover, the team also could edit the entire web application running on the terminal, something that also can be leveraged in attacks. Hackers with a bit of access also could elevate their privileges by installing an older, more vulnerable version of the firmware because there was no rollback protection for it, Munro said.

Once the satcom terminal was hacked, researchers found it’s often quite easy to get directly onto the ship’s own network, which is where some of the real harm can be done and the danger lies for those on board.

“We often find a lack of network segregation on the vessel,” Munro said. “Hack the satcom terminal and you’re on the vessel network.”

Once on the ship network, researchers demonstrated two methods for sending a ship the wrong way: one by hacking its ECDIS, which are the electronic chart systems ships use to navigate, and the other by exploiting the serial networks on board that control the Operational Technology (OT).

...

In the more than 20 different ECDIS units the PTP team tested, they found “all sorts of crazy security flaws,” including the running of ancient operating systems like Windows NT, he said.

A poorly protected configuration interface on one system even allowed the team to “jump” the boat from one side of Dover Harbor to another by spoofing the position of the GPS receiver on the ship–basically telling the ECDIS that the GPS receiver is in a different position on the ship, Munro said.
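A defensive cross-check for the kind of position "jump" described above, as an added example that is not part of the original post or the researchers' work: it validates logged position sentences and flags consecutive fixes whose implied speed is physically implausible. It assumes the position feed is logged as NMEA 0183 RMC sentences (the articles do not name the protocol) and a 30-knot top speed; the sample data and the helper names are constructed for illustration.

```python
import math
from datetime import datetime

MAX_KNOTS = 30.0  # assumed top speed of the vessel; set per ship

def xor_sum(body):
    """NMEA 0183 checksum: XOR of every character between '$' and '*'."""
    cs = 0
    for ch in body:
        cs ^= ord(ch)
    return f"{cs:02X}"

def to_degrees(value, hemi):
    """Convert NMEA (d)ddmm.mmmm plus hemisphere to signed decimal degrees."""
    deg, minutes = divmod(float(value), 100)
    return (deg + minutes / 60) * (-1 if hemi in ("S", "W") else 1)

def parse_rmc(sentence):
    """Return (utc, lat, lon) for an active RMC fix with a good checksum, else None."""
    body, _, given = sentence.strip().lstrip("$").partition("*")
    f = body.split(",")
    if given.upper() != xor_sum(body) or not f[0].endswith("RMC") or len(f) < 10 or f[2] != "A":
        return None
    utc = datetime.strptime(f[9] + f[1][:6], "%d%m%y%H%M%S")
    return utc, to_degrees(f[3], f[4]), to_degrees(f[5], f[6])

def distance_nm(a, b):
    """Great-circle (haversine) distance in nautical miles."""
    la1, lo1, la2, lo2 = map(math.radians, (*a, *b))
    h = math.sin((la2 - la1) / 2) ** 2 + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2
    return 2 * 3440.065 * math.asin(math.sqrt(h))

def find_jumps(sentences, max_knots=MAX_KNOTS):
    """Flag consecutive fixes whose implied speed exceeds max_knots."""
    alerts, prev = [], None
    for fix in filter(None, map(parse_rmc, sentences)):  # drop bad-checksum/void fixes
        if prev:
            hours = (fix[0] - prev[0]).total_seconds() / 3600
            dist = distance_nm(prev[1:], fix[1:])
            if hours > 0 and dist / hours > max_knots:
                alerts.append((fix[0], round(dist, 2), round(dist / hours)))
        prev = fix
    return alerts

def frame(body):  # builds the constructed sample sentences below
    return f"${body}*{xor_sum(body)}"

# Constructed sample (not captured traffic): slow transit, then a sudden ~0.8 nm shift.
SAMPLE = [frame(f"GPRMC,{t},A,{lat},N,{lon},E,5.0,070.0,010618,,") for t, lat, lon in [
    ("120000", "5107.2000", "00119.5000"), ("120010", "5107.2100", "00119.5200"),
    ("120020", "5107.4000", "00120.8000"), ("120030", "5107.4100", "00120.8200")]]
SAMPLE.insert(2, SAMPLE[0].replace("5107.2000", "5207.2000"))  # tampered: checksum now fails
```

A check like this catches an abrupt shift in reported position; it will not catch the slower manipulation Shefi describes, where position, heading, depth and speed are altered together so the picture stays consistent, which needs comparison against an independent source.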