Is all the new technology worth it?

[thinwater]

From "Quigley Down Under."

Elliott Marston: [O'Flynn and Dobkin prepare Quigley for an old-fashioned duel] I seem to remember you're not too familiar with Colonel Colt's revolver, so this will be your first lesson. Don't worry. Mr Dobkin and Mr. O'Flynn will ensure that it's a fair contest.
Elliott Marston: [Marston starts walking backwards] I'll just back up a few paces... And to your left a bit, that's it... Now you're right in front of my old pistol target.
Elliott Marston: [Marston slips his coat back to reveal his holster] Some men are born in the wrong century. I think I was born on the wrong continent. Oh, by the way, you're fired
Matthew Quigley: This ain't Dodge City. And you ain't Bill Hickok.
Matthew Quigley: [Quigley shoots Dobkin, O'Flynn and Marston before they can even aim their guns, then walks up to a dying Marston] I said I never had much use for one. Never said I didn't know how to use it.

https://www.youtube.com/watch?v=rwDmV1KWrKQ

[Colin A]

Quote:

Originally Posted by barnakiel

It is an AES256 coded data stream. The hardware is secured with an AES256 physical dongle.

Good luck hacking.

You will be lucky if you can actually get close enough to have a decent look at the girls basking aboard.

Cheers,
b.

Having worked on Ipad controlled systems the devil is in the setup most are setup very poorly with limited security I doubt many are really locked down in practice. Poor passwords etc kill these systems. I know several megayachts that use the yacht name as their wifi password. The wifi that is also connected to the computers at the helm thru the same router.

[Colin A]

Quote:

Originally Posted by barnakiel

C'mon. Do not give simplistic info!

To enter any password, you need access to the log-in screen.

You never get that far though, with any decent system.

You would need a cahoots, on the boat, that would re-set their system and set in the admin mode. Now, if you do not know this already, any good admin will use a physical dongle authentication for admin access.

All the scenarios assume a vulnerability that only you know about or else a criminal co-operation. OK in hollywood scenarios but not in 2016 real life wireless system management.

I would bet dollars against cents no one at the CF can break into a properly secured plain wifi hotspot.

b.

The systems you have seen onboard seem far different then the ones I have seen on 75-150' yachts many are built with consumer grade equipment and easily accessed. I'm not an expert but while working on a few yachts I have been locked out of a network I was working on (usually by a local network guy the owner or captain hired in one case on a 10 million dollar boat it was geek squad) And been able to get in using a stupid simple password or admin access with defaults to the router.

[Colin A]

I think the best way to describe the original post is as follows.

Just because we can do something doesn't mean we should.

And yes systems like this do exist and yes after a lightning strike there is a decent chance parts are not going to work.

[bmz]

Quote:

Originally Posted by skipmac

My father used to say, you might have the right of way when crossing a highway but if a truck runs the stop sign you might be right but you would be dead right.

In my years boating I have had a number of incidents (most recently last Saturday) where I was the stand on vessel (the correct Colregs term for the vessel that "has the right of way") but the other boat did not give way.

So in the real world, the fact that a vessel is required by colregs to give way (yield) could end up with you in a collision. Since colregs further require that the stand on vessel MUST alter course if the give way vessel does not then you would be also at fault if a collision occurred. And these 60-70' fishing boats without AIS are absolutely a threat. I have often seen them under AP with no one at the helm or at least no one watching, while they were messing with the gear; not fishing so required to adhere to standard colregs as a power vessel.

Regarding "small" fast boats not being a threat to you, there have been many, many cases of injury and death when a "small" speed boat (say 20'-30'-40') ran into a sailboat. From my experience almost no speed boats have AIS.

Neither AIS nor radar is going to help you when a small vessel fails to yield the right-of-way. By the time you are aware of his failure to yield you are both within easy visual distance of one another. You must then honk your horn and make necessary course corrections (although a course correction can also produce an "after you Alfonse" collision). There is a huge difference between a small vessel which can alter course to avoid a collision within a couple hundred feet of you (and vice versa) and a 500 foot freighter moving at 25 kn that cannot and will not change its course. I went out solo sailing today and received a collision alarm from my AIS for ~eight different vessels, ~six of which could not maneuver away from me and required me to yield. Before AIS, I often had the **** scared out of me by one of these bearing down on me from behind.

[OceanoMare]

If you really really really want something like that (stuff mentioned in the OP), failover on manual systems should be available. Otherwise when something will fail 1000nm from the closest shore...

[Cadence]

Quote:

Originally Posted by OceanoMare

If you really really really want something like that (stuff mentioned in the OP), failover on manual systems should be available. Otherwise when something will fail 1000nm from the closest shore...

I thought you were moving looking for credit?

[OceanoMare]

Ah, the Internet...

For everybody else wondering what's going on, he is referring to this thread:

http://www.cruisersforum.com/forums/...us-171628.html

[Cadence]

Quote:

Originally Posted by thinwater

From "Quigley Down Under."

Elliott Marston: [O'Flynn and Dobkin prepare Quigley for an old-fashioned duel] I seem to remember you're not too familiar with Colonel Colt's revolver, so this will be your first lesson. Don't worry. Mr Dobkin and Mr. O'Flynn will ensure that it's a fair contest.
Elliott Marston: [Marston starts walking backwards] I'll just back up a few paces... And to your left a bit, that's it... Now you're right in front of my old pistol target.
Elliott Marston: [Marston slips his coat back to reveal his holster] Some men are born in the wrong century. I think I was born on the wrong continent. Oh, by the way, you're fired
Matthew Quigley: This ain't Dodge City. And you ain't Bill Hickok.
Matthew Quigley: [Quigley shoots Dobkin, O'Flynn and Marston before they can even aim their guns, then walks up to a dying Marston] I said I never had much use for one. Never said I didn't know how to use it.

[Don C L]

Quote:

Originally Posted by Colin A

The systems you have seen onboard seem far different then the ones I have seen on 75-150' yachts many are built with consumer grade equipment and easily accessed. I'm not an expert but while working on a few yachts I have been locked out of a network I was working on (usually by a local network guy the owner or captain hired in one case on a 10 million dollar boat it was geek squad) And been able to get in using a stupid simple password or admin access with defaults to the router.

Ok this is absolutely mind-boggling to me. Someone spends 2 or 5 or 10 million dollars on a boat and they can't figure out how to have a secure system or a decent password? Perhaps they deserve to be hacked?

[Sandero]

I can't conceive of the issues for technology for a mega yacht. I woulds say they certainly benefit from technology... but the account in the OP sounds like someone was asleep at the switch when these systems were conceived, designed and implemented.

The owner probably is rarely aboard, built it for a tax dodge / write off and might charter it as if it were a business....

[Eben]

Rather than be a typical internet a-hole I'm going to put this disclaimer up first. This is not a personal attack on barnakiel, but the comments reflect the exact situation that I have to deal with on a daily basis. Many people think this way, the reason as far as I can ascertain is that awareness is not what it should be.

I'll try to break the arguments down in a logical order in an attempt to raise awareness...

Quote:

Originally Posted by barnakiel

Yep.

You may have had some luck making homebrew experiments but this is not what happens with remote boat management as is found on some maxi yachts. They are custom units and even if you can tap into their data flow (which is by itself very difficult thanks to screening and lack of access to maxi docks) then you are looking at a data stream and you do not even know what you are looking at. NO ROADMAP.

It is one think to break into a wifi router that you know the chipset, the OS, the coding method and so you can easily google up all the loopholes, pitfalls, shortcomings and any other info that may (while more often will not) allow you to breach.

But this is NOT how it is done on maxi boats. The system is custom, it is screened, the boat is physically remote. If you do tap in at all (highly unlikely, unless you get know-how directly from their hardware builders) then all you can see is the coded data stream. Decoding it, as we know, takes up to 20 years using all the computing power on the planet (assuming 50% success).

If you do break into such a system, this implies you had someone at the hardware/software company who gave you a tip. Why should anyone there give you a tip if they make hundreds of thousands of legit money for not giving it to you?

NO DO mate, NO DO.

b.

Firstly, I don't do "home brew" security. I'm a professional. While I can't give you hard evidence to support my claims due to NDA's and other legal restrictions, this is a fact. You state that they are custom systems, great, this means it's even more likely to have vulnerabilities since it's got limited resources to spend on testing unlike something that has got a large user base and constant attention. Not having access to the code has never slowed me down. You're also assuming that the software cannot be reverse engineered. I break custom systems all the time without having access to the code. Reverse engineering is not as hard as people think it is. Most developers fall into the trap thinking that just because they can't do it, it must be hard. Experience has taught me that attackers are often less skilled than the developers who built the code in the first place, but lack of awareness gives the attacker the upper hand.

The argument you set forth is based on finding pre-made exploits on something like exploitdb.com this is assuming you're dealing with a script kiddie and not a real attacker. It doesn't matter if the chipset is unknown or not. All embedded devices are built from known components, even if it's a custom arm based unit. Rolling your own CPU makes it even more likely that something will be done wrong, it's also very expensive so I doubt any yacht builders would do that - they have to make a profit right? You're also not taking into account the attacker that will run a fuzzer against the system to find potential vulnerabilities. Again I'm not talking about script kiddies, I'm talking about someone with a reasonable level of skill (Yes these people do exist and not all of them are nice people).

So your next argument assumes that the only attack vector is the encrypted data stream. There will be wifi on the boat, assuming that the attacker is unable to break the wifi, there's still other attack vectors. Lets take a crude example, late at night the attacker slingshots a usb key onto the decks of the yacht, this has a custom coded exploit that does not have a signature that any AV software can detect (it's easy to test with tools like virus total etc). I've done this experiment in more than one organisation, someone will plug it it. Assuming this establishes a side channel connected to an attacker's machine the attack can advance from there. There's also social engineering and spear phishing attacks that could successfully be deployed to gain some foot hold on the yacht's network. Assuming that the iPad is the only device that can control the yacht, the iPad can be discovered with a simple port scan on the network (tools like nmap will do this). Once the iPad is located it can be compromised (nobody has ever hacked an iPad right - in fact just today there's been 3 new 0-day exploits patched - chances are the yacht iPad might not be patched yet)? Once full access is gained on the ipad the attacker can inspect the iPad memory to determine how to access the encrypted stream, even better would be to compromise the app that does all the work and just run your own custom code from there. This way we don't have to deal with the crypto at all, it's all done for us already. Don't have to spend 20 years trying to figure out a key... This is a common misconception with developers in the industry.

I've performed similar attacks on customers and was successful, so don't tell me it can't be done.

Your assumption is flawed, but lets assume that no other attack vector was successful. So now our only viable attack vector is to get into the manufacturer. With enough rum and strumpets I'm sure that someone in that organisation can be compromised. I doubt an attacker would have to go to these lengths as I'm fairly certain there would be a weak link in the chain much further up.

If I had a dollar for every time someone told me I can't get into their system... oh wait... I do.... They've paid me every time they said that....

Quote:

Originally Posted by barnakiel

C'mon. Do not give simplistic info!

To enter any password, you need access to the log-in screen.

You never get that far though, with any decent system.

You would need a cahoots, on the boat, that would re-set their system and set in the admin mode. Now, if you do not know this already, any good admin will use a physical dongle authentication for admin access.

All the scenarios assume a vulnerability that only you know about or else a criminal co-operation. OK in hollywood scenarios but not in 2016 real life wireless system management.

I would bet dollars against cents no one at the CF can break into a properly secured plain wifi hotspot.

b.

Quote:

Originally Posted by Colin A

Having worked on Ipad controlled systems the devil is in the setup most are setup very poorly with limited security I doubt many are really locked down in practice. Poor passwords etc kill these systems. I know several megayachts that use the yacht name as their wifi password. The wifi that is also connected to the computers at the helm thru the same router.

Firstly, you're wrong about must have access to a login screen. I have a little demo I show developers where I take full control of a machine that does not have remote login enabled. In fact I never even entered a password at all to get full system access. Whilst it might seem logical for this to be the case, it's not. Attackers know how to do these things, it's not as hard as you think it is.

I'd like to see this decent system... especially if it's custom rolled. I dream of a world where systems are secure, the reality is that they are not. Banks get compromised too, they spend more money on security than yacht builders, the SWIFT system got his recently...

Again you're making the assumption that just because you cannot see a way to do it... this doesn't mean that some low life who's not as smart or handsome as you can't. The most frustrating thing about my job is that very smart people get out witted by not so smart people because of lack of awareness.

Before you place that bet, I'd suggest you go check my credentials first... If I'm here I'm willing to bet there's at least one or two more with hidden talents. Boats seem to be a magnet for us. Not sure if Moxie (Holdfast documentary) hangs out on CF, I'd suggest he's easily got the abilities to pull this off too.

Quote:

Originally Posted by Colin A

Having worked on Ipad controlled systems the devil is in the setup most are setup very poorly with limited security I doubt many are really locked down in practice. Poor passwords etc kill these systems. I know several megayachts that use the yacht name as their wifi password. The wifi that is also connected to the computers at the helm thru the same router.

What he said!

Quote:

Originally Posted by Colin A

The systems you have seen onboard seem far different then the ones I have seen on 75-150' yachts many are built with consumer grade equipment and easily accessed. I'm not an expert but while working on a few yachts I have been locked out of a network I was working on (usually by a local network guy the owner or captain hired in one case on a 10 million dollar boat it was geek squad) And been able to get in using a stupid simple password or admin access with defaults to the router.

Here's proof of my assumptions!

A final thought:

IF these systems are in fact secure, that would make me very happy. I really want systems to be secure. Experience has taught me that the world does not work this way. If you can prove me wrong, I'd be elated (This is a sincere comment)! I doubt any yacht has got a cyber security specialist on board that's doing it full time as a job for the yacht's systems. Yes my yacht has got someone like that on board, but I'll be damned if I'm going to be working while on board! Besides, Taleisin doesn't have anything that can be attacked remotely, you'd have to be physically present to get into anything.

If you've read this far I'd like to re-iterate that I've got nothing against barnakiel and this is not an attack on him or even aimed at him. The comments made is a great representation of the general type of discussions I have all the time. Hopefully this is insightful and helps raise awareness around cyber security.

[Eben]

Quote:

Originally Posted by Don C L

Ok this is absolutely mind-boggling to me. Someone spends 2 or 5 or 10 million dollars on a boat and they can't figure out how to have a secure system or a decent password? Perhaps they deserve to be hacked?

This is far more common that you'd like to know...

[Jim Cate]

While I have found the above discourse fascinating, it seems directed at a tiny fraction of the yachting world, and one not closely associated with the OPs question as I understood it.

I feel reasonably confident that there are few skilled hackers who just want to mess with Joe Doak's 40 foot sailboat, but that there are plenty of Joe Doak's boats that rely upon electronic gimmicks to carry out normal operations, and that those electronic gimmicks are subject to random failures. This seems a subject of interest to lots of cruisers who do not sail in megayachts.

Meanwhile, thanks to Eben for posting some interesting aspects of the modern world, ones that I was not very aware of.

Jim

[Panacea2183]

Oh yea and what about lightning? (Again)
No on the electronic engines! Every thing else is cool and convenient various opinions
Manual navigation and DED reckoning seem to be a lost art today
As far as engines go-
Little more smoke
Little more fuel burn
Little less performance
Ya OK, but I'll be at the dock with a martini while your still trying to get your electronically controlled engine to run after an electrical problem or lightning strike
Just my opinion (and buy the way have up close and personal experience with this)
Looking forward to replies.