Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!

<< previous next >>

Swimming IoT: A Hackers Journey into the (in)Security of Modern Yachts

Stephan Gerling

0 vote(s)

Modern vessels and yachts are equiped with many communication systems and connected to Internet. Due to my background, i wanted to know how modern vessels navigate and how the ship electronic is working.

The Backbone of vessels is nowadays based on NMEA0183 or the newer NMEA2000 (SeaTalk NG), which is electrical similar to CAN Bus. NMEA Gateways connecting the Backbone of the Ship with the IP Network. So we have an swimming IoT device with many attack vectors.

While i was working with on of these maritime internet router models, i found several security issues. In a responsible disclosure I reported to vendor, patch is now released and i am allowed to publish the informations.

The following attack scenarios against yachts and vessels will addressed: 

- GPS Spoofing
- AIS (automatic identification system)spoofing
- vessel backbone, the NMEA protocol and possible attacks
- Autopilot (currently working on it)
- internet routers on board
- entertainment network
- attacking SatCom


48 years old electronic specialist, worked at German Army as electronic specialist on Helicopters and where in IFOR SFOR UNSCOM missions.
more than 30 years a firefighter. 17 years now security evangelist for my employer in the Oil & Gas Industry. Everything started with a C64 in 1983
I always want to know, how things works, i void warranty and my background in electronics and IT is my force. Geraffel & I am the cavalry member