In the maritime domain, different categories of autonomous systems exist or are expected to emerge, including UAVs (Unmanned Aerial Vehicles), USVs (Unmanned Surface Vehicles), and UUVs (Unmanned Underwater Vehicles).

Today, the relatively low cost (a few tens of euros for a basic receiver), the miniaturization of hardware, and the widespread availability of GPS receivers have led many to assume that this global infrastructure will always be available. These advantages have also enabled the rapid expansion of GPS usage across many sectors where it was previously absent: healthcare, pet tracking, sports, agriculture, domestic robotics such as lawn mowers, photography, and even port cranes (see also this article). As a result, it is now difficult to estimate how many GPS receivers are currently deployed worldwide.

Apparently, we are no longer supposed to adopt an alarming tone, so let us try to analyze it calmly.

The company, which operates in the United Kingdom and the United States, conducts penetration tests at the request of its clients on different types of ships. In their article, they explain that each time they perform such work, they manage to identify information systems that few — sometimes none — of the crew members know about, or whose purpose they do not understand. This may seem surprising. However, there can be explanations (which the article does not highlight, preferring — somewhat excessively in my view — the buzz). Here are a few possible explanations:

This video was recorded during the well-known hack.lu 2018 conference in Luxembourg. In the first part, Stephan Gerling presents his view of maritime information systems and briefly discusses services such as GPS and AIS. He then focuses on ship-to-shore connectivity, particularly satellite communications.

He goes on to demonstrate design vulnerabilities in the control interface of a “naval” router. The management interface connects to the router via FTP, and the credentials and passwords are stored in clear text, making it easy to retrieve the WLAN credentials of the system.

Presentation delivered during the Derbycon 2018 conference.