Hack.lu 2018: how to hack a yacht

This video was recorded during the well-known hack.lu 2018 conference in Luxembourg. In the first part, Stephan Gerling presents his view of maritime information systems and briefly discusses services such as GPS and AIS. He then focuses on ship-to-shore connectivity, particularly satellite communications.

He goes on to demonstrate design vulnerabilities in the control interface of a “naval” router. The management interface connects to the router via FTP, and the credentials and passwords are stored in clear text, making it easy to retrieve the WLAN credentials of the system.

He then discusses vulnerabilities related to remote access to onboard systems. Equipment manufacturers and maintenance providers often have remote intervention capabilities, and once again the credentials are stored in clear text in software that is freely available on the Internet. This makes them relatively easy to find—especially when the tools used (such as Winbox) are themselves vulnerable. Stephan responsibly disclosed the vulnerabilities to the manufacturer, who implemented fixes (although, as shown in the video, not particularly well). Moreover, if maintenance policies are weak, vulnerable versions of the software may remain in use for quite some time.

He also demonstrates another vulnerability affecting a remote access system used to manage the interface of a satellite modem. Here again, the passwords are stored in clear text within the modem’s administrative interface. A quick search on Shodan is enough to identify vessels potentially exposed to this vulnerability.

There is nothing entirely new here, but this video—following the one presented at Derbycon 2018—illustrates the growing interest of the cybersecurity community in maritime information systems.