Cyber attacks targeting a shipping navigation system could be used to block the English Channel, a security researcher has warned.
Ken Munro, a consultant at Pen Test Partners, said system vulnerabilities and “poor security hygiene”, such as leaving administrator passwords as default, could allow a hacker to change a ship’s course, make the ship appear to jump position or make it appear to be bigger than it really is.
He said using these techniques a hacker could trigger another ship’s collision alarm, invariably causing the ship’s captain to take action.
“It would be a brave captain indeed to continue down a busy, narrow shipping lane whilst the collision alarms are sounding. Block the English Channel and you may start to affect our supply chain,” he said.
Writing on the Pen Test Partners blog, Munro said ship security was “in its infancy” and many of the vulnerabilities he found had been fixed in “mainstream IT systems” years ago.
“Vessel owners and operators need to address these issues quickly, or more shipping security incidents will occur. What we’ve only seen in the movies will quickly become reality,” he said.
The security flaw starts with ship’s satellite communication terminal (satcoms), which are often connected to the wider internet and often still have their default login details. Munro said the login credentials “admin/1234” were commonly in use and some systems were using a version of Microsoft Windows from 1993.
Once connected to the satcom, Munro said it was often possible to access the ship’s navigation system, or Electronic Chart Display and Information System (ECDIS), which can be linked directly to the ship’s autopilot. “Hack the ECDIS and you may be able to crash the ship, particularly in fog. Younger crews get ‘screen fixated’ all too often, believing the electronic screens instead of looking out of the window,” he said.
In one system they found a vulnerability where it was possible to change where the ECDIS thought the GPS tracker was on the ship, which in one example could cause the boat to appear to jump from one end of Dover Harbour to the other.
A hacker could also increase the apparent size of a ship to 1km sq, which could trigger the collision warning systems of nearby ships.
Munro, who released his findings at the security conference Infosecurity Europe, said these were just some of the vulnerabilities found and more serious weaknesses needed to be disclosed to system manufacturers before they could be made public.
☛ Want to stay up to date with the news? Sign up to our daily bulletin.