View Full Version : Tanker hacked in 10 minutes

12th Dec 2017, 19:13
?We are in their system.? Ship attacked in ten minutes - The Medi Telegraph (http://www.themeditelegraph.com/en/shipping/shipowners/2017/11/22/are-their-system-ship-attacked-ten-minutes-GtEwOeVvOqq5RnOw0m8HEL/index.html)

“We are in their system.” Ship attacked in ten minutes
Genoa - Hacking demo at Genoa’s Port Authority: virtual attack on an oil tanker. “We are controlling everything from here”.

Genova - “You’ll have to excuse me, I always say the most frightening things on these occasions... but I’m usually right.” Gianni Cuozzo is the 27-year-old CEO of Aspisec, a company that specialises in cyber risk consulting. From his underground beginnings (“I was one of the bad guys wearing hoodies”) he put his knowledge to use in the defence sector, creating one of the leading computer security companies in Northern Europe. In 2016, he decided to return to Italy. And all the Italo-German computer expert needs is a laptop, an internet connection, and 10 minutes to dismantle a ship’s security systems. Live hacking during a convention: unbeknownst to its crew, for a few minutes, hundreds of business people were able to see the data from a ship on the Adriatic Sea, his cursor hovering over the route’s data. Cuozzo used two open-source programmes, accessible to anyone, to identify the ship and the characteristics of its operating system, and then confirmed that the port for access to the AIS protocol (that is the online tracking for the ship) was not protected by a firewall (computer system protection). So having found an unprotected ship, the next barrier was the system password, but “70% of all electronic devices in the world are controlled by a default password set by the manufacturer.” In fact, Cuozzo guessed it on his first attempt by typing in “1234”. “At this point we could take control of all the ship’s systems, without anyone realising. Usually a company realises that it has been hacked six to twelve months after the penetration takes place. I have also worked in war zones: Syria, Ukraine,” Cuozzo explained, “And even in those contexts, the majority of hacks are mistaken for system malfunctions.”

12th Dec 2017, 20:06
Unless what Mr Cuozzo did is being grossly misreported, there's nothing of substance to this report at all.

Looking at an AIS feed and suggesting that, "At this point we could take control of all the ship’s systems, without anyone realising" is just nonsense.

This 2014 report https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-security-evaluation-of-ais already made clear that AIS is vulnerable to spoofing but being able to make the ship appear in a different location to other receivers is a long, long way from being able to "take control of all the ship’s systems".

I'm unsurprised to learn Mr Cuozzo is the CEO of a company who just happens to be in a position to sell us the solution to this incredible threat that nobody else is reporting...

12th Dec 2017, 20:14
The guy is also saying that sometimes operators should pay better attention to their passwords and security in general. Considering how easy it was for him to break into the system maybe some operator should check their security policies.

12th Dec 2017, 23:40
Got worried for a while there ;)