Naval Dome Hacks into Ships’ Systems to Prove Cyber Vulnerabilities
Naval Dome’s cyber engineering team hacked into live, in-operation systems used to control ships’ navigation, radar, engines, pumps and machinery, a test that revealed the ease with which hackers can access and override ships’ critical systems.
While the tests were performed with permission and under the supervision of system manufacturers, and the ships were not in any danger, Naval Dome was able to significantly affect the ships’ systems and critical functions. Engineers were able to shift a vessel’s reported position, mislead the radar display, disable machinery, override the signals controlling fuel and ballast pumps and manipulate steering gear controls.
Asaf Shefi, Naval Dome’s chief technology officer and former Head of the Israeli Naval C4I and Cyber Defense Unit, said it was easy to bypass existing cyber security measures during the tests.
“The captain’s computer is regularly connected to the internet through a satellite link, which is used for chart updates and for general logistic updates. Our attacking file was transferred to the ECDIS [Electronic Chart Display and Information System] in the first chart update. The penetration route was not too complicated: the attacking file identified the disk-on-key use for update and installed itself. So once the officer had updated the ECDIS, our attack file immediately installed itself on to the system.”
Naval Dome says it has demonstrated a potential nightmare for the maritime industry’s security with the series of cyber-penetration tests on systems in common use aboard tankers, containerships, super yachts and cruiseships.
Naval Dome Ltd. is an Israel-based company specializing in maritime cyber defense solutions.