Voice, navigation, and radar data aboard ships are all at risk, according to an expert who claims that some devices that contain sensitive ship information just aren’t secure enough. This could be good news for pirates and spies, and bad news for the good guys.
Motherboard reports that large boats, like cruise or cargo ships, are quite susceptible to hacking. You see, the maritime equivalent of an aeroplane’s “black box” can be ridden with vulnerabilities, which practically invite ne’er-do-wells to spy on the vessels, slurping up all sorts of valuable information about the ships — and the countries that own them.
“Remote attackers are able to access, modify, or erase data stored on the Voyage Data Recorder,” Ruben Santamarta, a researcher at security firm IOActive, wrote in a blog post today. Those Voyage Data Recorders, or VDRs, store data like speed, position, audio conversations, and other crucial info.
In the post, Santamarta points to one example of a VDR in particular: a model called the Furuno VR-3000. He says that it can’t update firmware properly, its encryption is weak, and that “basically, almost the entire design should be considered insecure”. What’s the worst that could happen, you ask? Terrorism, cyberattacks, violent piracy, and smuggling, for starters. (Furuno apparently told IOActive that it plans release a patch to fix the bugs by the end of this year.)
Motherboard says ships’ data isn’t usually connected to the internet, but that it’s still easy for an enemy to hack into the ship’s network via a crew member’s computer. From there, enemies could install malware, delete radar images, alter position readings, listen in on conversations via microphones on the bridge, and more.
It’s happened before: We previously reported on hackers who infiltrated the networks of 400,000 sea vessels worldwide in 2013.
Ships need security infrastructure that’s up to snuff, and both operators and VDR manufacturers need to make sure the ships secure before even think of taking to the high seas.
[IOActive via Motherboard]
Top image: Shutterstock