These days, yachts are literally packed with IoT devices - various devices connected to each other and to the Internet - that are as easy to hack as any other device connected to the World Wide Web. At Security Analyst Summit 2018, Stephan Gerling of the ROSEN Group demonstrated just how vulnerable modern boats are to hackers.
Meanwhile, yachts are now loaded with devices connected to the web to control them from phones and tablets: automatic identification system (AIS), VTS device, autopilot, GPS receivers, radars, cameras, echo sounders, engine control and monitoring system and many more.
To make it clear, Gerling launched an app to control the yacht from a tablet, connected to the router and downloaded an XML file containing its entire configuration, including credentials, Wi-Fi SSID and password. Since the file was transferred over an unsecured FTP protocol, hackers could easily intercept it and, consequently, take control of the router and the internal network.
Similarly, hackers can access other data, including audio and video, as well as connect to any device on the yacht.
Moreover, it turned out that the router's operating system has an account with administrator privileges, probably created by the developers for remote technical support. But what is more disturbing is that access to it is also saved in the software.
«We can't give much advice to boat owners," comments Kaspersky, "as they usually buy the on-board network and devices as a single package and are unlikely to install each router and cable individually. All we can recommend is to choose wisely the manufacturer of the infotainment solution».
This problem is a real issue. For example, last fall unknown persons hacked into the electronics on the 152-foot yacht Lady May, owned by a Chinese billionaire, which almost caused her to collide with a tanker.