In the last time we saw two major accidents in the us navy. Well actually there was more but the media picked up on two: http://edition.cnn.com/2017/08/21/politics/navy-ships-accidents/index.html
While accidents happens all the time
(btw look for the signals, this is the pre photoshoped version 😉 ) the infosec twitter is full of OMG THE RUSSIANS HACKED GPS.
Lets have a look here .. DISCLAIMER: I spent 12 years in the german navy doing it-security and administration. I have a lot of „look what I found .. why are you crying skipper ?“ to my name I will talk broudly. Security etc … Hacking ships now is more a hobby form e than a job. Some of my infos might a bit outdated or purposefully wrong …
A short introduction in navigational systems:
Most of you will have just a basic understanding how a ship operates. Most ships will bhave distinctive systems, as a simplification we will categorise systems in this function groups:
- Going to places ( machine scada systems etc)
- Knowing where you are (ECDISC (chart system), GPS, other navigational aids)
- Knowing where everybody else is (Radar, AIS)
- Living on that thing
- Mission package (Cruise ship systems or weapons etc)
And how hard is it to hack this types of systems ?
For the machine scada stuff, well it is super easy and we have proof oft hat (Stuxnet, @viss on t twitter). Well on a ship it is harder because we have no back channel and no permanent internet connection etc, but with a usb stick you could hack this.
For the System groups 4&5 we will disregard them for now. We want to hack on a broad scope.
The navigational aids are interessting to hack. ECDISC are certified systems, with a lot of known bugs, just look at this yt channel and try to spot all the old os versions , https://www.youtube.com/channel/UCDKFMaBHOmpnc-q6bn7kShw
GPS on the other hand is HARD. Not because of the P(Y) . encryption (btw no civilian signal no P(Y) bc of time dependencies, read up wiki) but because of physics. Spoofing is quite time sensitive, so while it is easy on a lab setting (and some universities did tests on ships) you need to be close to your target to overpower the sat on the antenna. If you jam from far away (low angle) your spoofing might not work. And since most ships have more than one reciever and one antenna it is quite annoying to spoof with a good reliability. Oh and when you can spoof, why waste it on some lousy destroyers in peace time ? Also low angle jamming would be picked up by electronic warfare systems with a good chance. And this would trigger a angry response of the kinetic type so not the best idea.
If I COULD spoof GPS without being close to the reciver I would sit in my evil bunker and lough about all the precision ammo flying past it in a war setting. to valuable in this setting to waste it for some dead sailors. Even as a test .. just grab one oft he many predator drones as a sample. Drones malfunction all the time so nobody would makle a big fuzz about it.
AIS and Radar, well Radar hacking or jamming is a thing, called electronic warfare. So proven concept. And AIS is not encripted or secure. You could imagine it more like a numberplate transponder. Nothing fancy. If you want to cause trouble with it just grab a sailboat sail close to a military exercise area and spoof some ships with a wrong GPS track inside oft he target area and watch them stop shooting. Nothing really hard. And while smuggler and military ships often operate without AIS it makes them stand out like hell on a radar pic, because a blip without AIS information = suspect.
And what happend , lets look at http://gcaptain.com/uss-john-s-mccain-collision-ais-animation-shows-tankers-track-during-collision/ If I look at thew damage pictures it looks like SOMEBODY tried to pass a high traffic area without looking left or right without sending AIS because OPSEC .. so maritime jaywalking. Just my idea .. but if I have to choose between hacking (wich is possible but a hassle and some idiotic „macho man“ manuver .. well my bet is on idiots 😉 )