MARITIME CYBER WIFI ASSESSMENT MONACO YACHT SHOW 2019

 

Our 360 Maritime Security team attended Monaco Yacht Show 2019 last month and conducted cyber testing whilst manning the stands. Cyber experts conducted basic passive tests to gain a high-level view of the quality of WI-FI security controls implemented on yachts, as well as a review of the security posture of the show itself.

Whilst wireless is only a small component of a yacht’s security, it can be visible to people nearby. Potential attackers will be attracted to vessels that appear ‘less secured’ than others.
The team did not carry out any intrusive or in-depth testing as they would do under a formal penetration testing engagement, however by passively monitoring the airwaves they were able to gain information about the security controls onboard.

Owners, Captains, Crew and Management were invited to our live hacking demonstration on Friday and Saturday of MYS2019, which demonstrated how quickly we could gain complete uncontrolled access to multiple types of wireless, control and CCTV networks on various yachts.

Using practical examples our Cyber team explained the best methods for reviewing and securing existing networks onboard, demonstrating the ease of use and immediate benefit of our decoy and deception system. By luring attackers to connect to a fake deception system, it acts as an early warning system of a cyber-attack. Technology improvements can often take several months to implement on a vessel due to the approval and testing process. A deception system gets around this delay because there are no changes to the existing systems whilst giving you an immediate level of visibility and an indication of a positive breach.

The tests were split into 2 sections:

  1. 1. A review of the WI-FI and visible security systems protecting owners, crew and guests, and automation designed to highlight whether there are any obvious flaws that would allow unauthorised access.

  2. 2. Deployment of a fake deception system on the show WI-FI, with enhanced monitoring of security activity. Designed to highlight if anyone is running security reconnaissance and attempting to hack systems at the show.

The team only conducted passive scans of the airwaves: no active scans were conducted that would have required approval. However, it does beg the question: would anyone have noticed? The only time the team were challenged during the demonstration period was when we openly walked around the show with a device that looked like a TV antenna (see image below).

Infosec Partners Cybersecurity Testing at Monaco Yacht Show 2019

Cyber Expert performing passive cyber testing of yacht systems at MYS 2019

Security scanning and assessments were performed covertly from a device the size of a mobile phone hidden in a pocket. It would be expected that onboard cyber monitoring would pick up suspicious behaviour, not just identify a threat when a 2-foot antenna is pointed towards a vessel.

Previously to this our team performed penetration tests at the London Olympics. Again unattended and unchallenged, a ‘hacking laptop’ was placed in full view, blatantly evaluating the security of the yachts and WIFI in Canary Wharf.

Blatant London Olympics WIFI Security Testing

Unattended laptop performing WIFI hacking during the London Olympics

Privacy impact: The goal behind the analysis was to gain a quick view of the general protection levels on ships in the area and their typical security posture. The test team did not specifically target any specific vessel or include any specific data or screenshots as they contained information that may lead to the identification of vessel, onboard systems and crew or owner.

wifi security snapshot Monaco Yacht Show

WiFi Security @ Monaco Yacht Show – Complete the form below to read the full article

Please complete the form below to read our full Monaco Yacht Show WiFi assessment report…

If you do not receive the download link within a few minutes, please check your spam folder just in case the email has been delivered there instead of your inbox.



Leave a Reply

Your email address will not be published. Required fields are marked *

5 + 20 =

Copyright © Infosec Partners Group 2004 - 2019. All rights reserved     -     CALL : 0845 257 5903 or +44 (0)1256 893662     -     EMAIL : enquiries@infosecpartners.com