Israel’s Naval Dome demonstrates hack attack on ship’s controls

Israel-based cyber security company Naval Dome said that it had demonstrated a hack – with the permission of the owner and the system manufacturers– into live, operational systems used to control ship’s navigation, radar, engines, pumps and machinery, reported Schednet.

The team hacked into computer systems which owners are legally obliged to use to control their ships. Naval Dome software engineers say they were able to shift the vessel’s reported position and mislead the radar display. Another “attack” resulted in machinery being disabled, signals to fuel and ballast pumps being over-ridden, and steering gear controls being manipulated.

“We succeeded in penetrating the system simply by sending an email to the captain’s computer,” said Naval Dome chief technical officer Asaf Shefi.

“We designed the attack to alter the vessel’s position at a critical point during an intended voyage – during night-time passage through a narrow canal,” said Mr Shefi, former head of the Israeli Naval C4I and cyber defence unit. “During the attack, the system’s display looked normal, but it deceived the officer of the watch. The actual situation was completely different to the one on screen. If the vessel had been operational, it would have almost certainly run aground,” he said.

The Naval Dome hack altered water depth in line along with the false position data displayed on screen.

“The vessel’s crucial parameters – position, heading, depth and speed – were manipulated in a way that the navigation picture made sense and did not arouse suspicion. This type of attack can easily penetrate the antivirus and firewalls typically used in the maritime sector,” Mr Shefi said. He noted that the captain’s computer was regularly connected to the internet through a satellite link, which was used for chart updates and for general logistic updates. The attacking computer file was transferred to the electronic chart display and information system (ECDIS) in the first chart update. It then identified the disk-on-key use for update and installed itself. Thus, once the officer had updated the ECDIS, the attack file immediately installed itself on to the system.

In a second attack, the test ship’s radar was hit. While the radar is widely considered an impregnable, standalone system, Naval Dome’s team used the local Ethernet Switch Interface – which connects the radar to the ECDIS, Bridge Alert System and Voyage Data Recorder – to hack the system.

“The impact of this controlled attack was quite frightening. We succeeded in eliminating radar targets, simply deleting them from the screen. At the same time, the system display showed that the radar was working perfectly, including detection thresholds, which were presented on the radar as perfectly normal”, said Mr Shefi.

A third controlled attack was performed on the machinery control system (MCS). Naval Dome penetrated the system via an infected USB stick placed in an inlet/socket. “Once we connected to the vessel’s MCS, the virus file ran itself and started to change the functionality of auxiliary systems. The first target was the ballast system and the effects were startling. The display was presented as perfectly normal, while the valves and pumps were disrupted and stopped working. We could have misled all the auxiliary systems controlled by the MCS, including air-conditioning, generators, fuel systems and more”, said Naval Dome CEO Itai Sela. He also warned that manufacturers themselves could be targeted when they took control of onboard computers to carry out diagnostics or perform software upgrades.