Brother
New yacht models that include IoT devices with routers and switches can be hacked just like any other device with an Internet connection. As security researcher Stefan Gerling (Stephan Gerling) reported at a cyber security summit in Cancun (Mexico), modern yachts have multiple vulnerabilities that intruders could potentially exploit, for example an on-board router that uses the unprotected FTP protocol.
As the specialist explained, the yacht's on-board network may contain a vessel tracking device, an automatic identification system, an autopilot, GPS receivers, radar, cameras, depth sensors, engine control and monitoring systems, and much more. Since these functions are connected to a network that can be controlled by an external device such as a smartphone or tablet, an attacker can hack these devices and take control of the vessel.
As part of the presentation, Gerling opened the yacht management application (yacht and router model not disclosed) on a tablet, phone and computer, and then connected to the router and downloaded an XML file containing the router's configuration. In particular, the researcher was able to obtain the credentials of the router, the SSID of the Wi-Fi network, and the password. According to the expert, since the file is transferred over the insecure FTP protocol, it can be easily intercepted by hackers, after which attackers can fully control the router and the network.
In addition, an account with superuser rights was discovered in the operating system of the router, created by the developers, probably for remote technical support.
Following Gerling's presentation at the summit, the yacht manufacturer whose software was used released a fix that addresses some of the listed security issues. The patch changed the protocol used by the yacht's router from FTP to SSH; however, the superuser account was not removed.