|
Click Here to Login |
25-08-2016, 15:11 | #70 | |
Moderator
Join Date: Sep 2014
Location: Channel Islands, CA
Boat: 1962 Columbia 29 MK 1 #37
Posts: 14,361
Images: 66
|
Re: Is all the new technology worth it?
Quote:
__________________
DL Pythagoras 1962 Columbia 29 MKI #37 |
|
25-08-2016, 15:24 | #71 |
Registered User
Join Date: Apr 2006
Posts: 4,413
|
Re: Is all the new technology worth it?
I can't conceive of the issues for technology for a mega yacht. I woulds say they certainly benefit from technology... but the account in the OP sounds like someone was asleep at the switch when these systems were conceived, designed and implemented.
The owner probably is rarely aboard, built it for a tax dodge / write off and might charter it as if it were a business.... |
25-08-2016, 16:13 | #72 | |||||
Registered User
Join Date: May 2015
Location: Auckland, NZ
Boat: Bristol Channel Cutter
Posts: 126
|
Re: Is all the new technology worth it?
Rather than be a typical internet a-hole I'm going to put this disclaimer up first. This is not a personal attack on barnakiel, but the comments reflect the exact situation that I have to deal with on a daily basis. Many people think this way, the reason as far as I can ascertain is that awareness is not what it should be.
I'll try to break the arguments down in a logical order in an attempt to raise awareness... Quote:
The argument you set forth is based on finding pre-made exploits on something like exploitdb.com this is assuming you're dealing with a script kiddie and not a real attacker. It doesn't matter if the chipset is unknown or not. All embedded devices are built from known components, even if it's a custom arm based unit. Rolling your own CPU makes it even more likely that something will be done wrong, it's also very expensive so I doubt any yacht builders would do that - they have to make a profit right? You're also not taking into account the attacker that will run a fuzzer against the system to find potential vulnerabilities. Again I'm not talking about script kiddies, I'm talking about someone with a reasonable level of skill (Yes these people do exist and not all of them are nice people). So your next argument assumes that the only attack vector is the encrypted data stream. There will be wifi on the boat, assuming that the attacker is unable to break the wifi, there's still other attack vectors. Lets take a crude example, late at night the attacker slingshots a usb key onto the decks of the yacht, this has a custom coded exploit that does not have a signature that any AV software can detect (it's easy to test with tools like virus total etc). I've done this experiment in more than one organisation, someone will plug it it. Assuming this establishes a side channel connected to an attacker's machine the attack can advance from there. There's also social engineering and spear phishing attacks that could successfully be deployed to gain some foot hold on the yacht's network. Assuming that the iPad is the only device that can control the yacht, the iPad can be discovered with a simple port scan on the network (tools like nmap will do this). Once the iPad is located it can be compromised (nobody has ever hacked an iPad right - in fact just today there's been 3 new 0-day exploits patched - chances are the yacht iPad might not be patched yet)? Once full access is gained on the ipad the attacker can inspect the iPad memory to determine how to access the encrypted stream, even better would be to compromise the app that does all the work and just run your own custom code from there. This way we don't have to deal with the crypto at all, it's all done for us already. Don't have to spend 20 years trying to figure out a key... This is a common misconception with developers in the industry. I've performed similar attacks on customers and was successful, so don't tell me it can't be done. Your assumption is flawed, but lets assume that no other attack vector was successful. So now our only viable attack vector is to get into the manufacturer. With enough rum and strumpets I'm sure that someone in that organisation can be compromised. I doubt an attacker would have to go to these lengths as I'm fairly certain there would be a weak link in the chain much further up. If I had a dollar for every time someone told me I can't get into their system... oh wait... I do.... They've paid me every time they said that.... Quote:
Quote:
I'd like to see this decent system... especially if it's custom rolled. I dream of a world where systems are secure, the reality is that they are not. Banks get compromised too, they spend more money on security than yacht builders, the SWIFT system got his recently... Again you're making the assumption that just because you cannot see a way to do it... this doesn't mean that some low life who's not as smart or handsome as you can't. The most frustrating thing about my job is that very smart people get out witted by not so smart people because of lack of awareness. Before you place that bet, I'd suggest you go check my credentials first... If I'm here I'm willing to bet there's at least one or two more with hidden talents. Boats seem to be a magnet for us. Not sure if Moxie (Holdfast documentary) hangs out on CF, I'd suggest he's easily got the abilities to pull this off too. Quote:
Quote:
A final thought: IF these systems are in fact secure, that would make me very happy. I really want systems to be secure. Experience has taught me that the world does not work this way. If you can prove me wrong, I'd be elated (This is a sincere comment)! I doubt any yacht has got a cyber security specialist on board that's doing it full time as a job for the yacht's systems. Yes my yacht has got someone like that on board, but I'll be damned if I'm going to be working while on board! Besides, Taleisin doesn't have anything that can be attacked remotely, you'd have to be physically present to get into anything. If you've read this far I'd like to re-iterate that I've got nothing against barnakiel and this is not an attack on him or even aimed at him. The comments made is a great representation of the general type of discussions I have all the time. Hopefully this is insightful and helps raise awareness around cyber security. |
|||||
25-08-2016, 16:13 | #73 |
Registered User
Join Date: May 2015
Location: Auckland, NZ
Boat: Bristol Channel Cutter
Posts: 126
|
Re: Is all the new technology worth it?
|
25-08-2016, 16:59 | #74 |
Moderator
Join Date: May 2008
Location: cruising SW Pacific
Boat: Jon Sayer 1-off 46 ft fract rig sloop strip plank in W Red Cedar
Posts: 21,198
|
Re: Is all the new technology worth it?
While I have found the above discourse fascinating, it seems directed at a tiny fraction of the yachting world, and one not closely associated with the OPs question as I understood it.
I feel reasonably confident that there are few skilled hackers who just want to mess with Joe Doak's 40 foot sailboat, but that there are plenty of Joe Doak's boats that rely upon electronic gimmicks to carry out normal operations, and that those electronic gimmicks are subject to random failures. This seems a subject of interest to lots of cruisers who do not sail in megayachts. Meanwhile, thanks to Eben for posting some interesting aspects of the modern world, ones that I was not very aware of. Jim
__________________
Jim and Ann s/v Insatiable II, lying Port Cygnet Tasmania once again. |
25-08-2016, 16:59 | #75 |
Registered User
Join Date: May 2016
Location: Cape Cora, Fl
Boat: 2002 Novatec 42 Sundeck Trawler
Posts: 131
Images: 1
|
Re: Is all the new technology worth it?
Oh yea and what about lightning? (Again)
No on the electronic engines! Every thing else is cool and convenient various opinions Manual navigation and DED reckoning seem to be a lost art today As far as engines go- Little more smoke Little more fuel burn Little less performance Ya OK, but I'll be at the dock with a martini while your still trying to get your electronically controlled engine to run after an electrical problem or lightning strike Just my opinion (and buy the way have up close and personal experience with this) Looking forward to replies. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
New RO Filter Technology | San Juan Sailor | Plumbing Systems and Fixtures | 0 | 29-01-2010 12:36 |
New Solar Cell technology!! | shadow | Flotsam & Sailing Miscellany | 14 | 05-11-2008 15:12 |
New solar technology on the way | NoTies | Electrical: Batteries, Generators & Solar | 14 | 07-04-2007 13:00 |
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2024, vBulletin Solutions, Inc. |
Privacy Guaranteed - your email is never shared with anyone, opt out any time.