COMMSEC: Hacking Yachts Remotely: IoT Hacking at Sea

In this talk, I will present the latest attack scenarios against modern vessel and yachts.

While modern vessels connected to the Internet via SAT-Com or WiFi / GSM Internet Router and the security of the Network is relying on those devices, this could be interesting, because NMEA Gateways connect to the backbone of the ship via the IP Network. The NMEA backbone (National Marine Electronics Association) is like a CANBUS in cars and these bidirectional gateways are used for communication. Marine routers are sometimes worst. My research will present a couple of holes in maritime router models that are common in yachts to get access to the internal network (CVE-2017-17673).

I will publish my latest 0-Day against a Satcom Device reported under CVE-2018-16114 on 29/8/2018. A PoC script will be released.

The following Attack scenarios against yachts and vessels will be addressed:

  • GPS Spoofing and protection
  • AIS (automatic identification system) spoofing
  • Vessel backbone, the NMEA protocol, and possible attacks
  • Autopilot hacking
  • Internet routers on board
  • Entertainment network and systems
  • SatCom

COMMSEC TRACK
Location: Conf Track 3 / CommSec Date: November 27, 2018 Time: 4:30 pm - 5:00 pm Stephan Gerling