A computer-powered navigation system used by naval vessels, known as Electronic Chart Display (Ecdis), has recently been noted as the potential target for an attack capable of spoofing the size and location of boats, according to the BBC. Taking advantage of an earlier security risk, caused by many ships never changing their default usernames and passwords for their satellite communications equipment, this hack would allow for remote access to the Ecdis software for the purpose of reconfiguration. Identified by Pen Test Partners, and publicized by Ken Munro, the scale of changes are small – boat position can only be adjusted by about 300 m, and boat size can only be changed up to 1 square km – but are significant enough to cause significant difficulties to shipping.
Says Munro of the hack’s risk to shipping via changes to the boat’s receiver positions, “Ecdis feeds the automatic identification system (AIS) transceiver on many new ships. So, AIS collision alarms would be firing on numerous ships and many would then simply avoid the area completely. It would make for a very brave captain to continue on course while the alert was sounding.”
While questions remain as to the worst case effect of these hacks, Dr. Kimberly Tam, member of the University of Plymouth’s Maritime Cyber Threats research group, notes “even if the vulnerabilities aren’t taken advantage of in the way Mr. Munro mentioned, there are probably many other ways they could be. We may not be able to secure all the systems, because they just weren’t designed with cyber-security in mind. So, instead of investing too much money in creating a technical solution that might not work, it may be easier to address human training.”
Sources:
https://www.bbc.com/news/technology-44397872
