- org:"Inmarsat Solutions US"
- title:"sailor 900"
- KVH CommBox terminals
- Vessel name / network structure leaked
- "Show Users" link (or can request the content by appending /rest.php?action=QCgetActiveUsers)
Vuln Ship Tracker
ECDIS are the electronic chart systems that are needed to navigate.
AIS transceiver - system that ships use to avoid colliding with each other.
NMEA 0183 messages
- Ethernet and serial networks are often ‘bridged’ at several points (GPS,satcom terminal, ECDIS)
- OT systems are used to control the steering gear, engines, ballast pumps and lots more.
- They communicate using NMEA 0183 messages.
- No message authentication, encryption or validation (only 2 byte XOR checksum)
- Spoof the
ECDIS using the vulnerable config interface, 'grow' the ship and 'jump' it in to the shipping lanes.
- Other ships AIS will alert the ships captain to a collision scenario
- MitM and change NMEA 0183 messages to read differently
- Ex: change the rudder command by modifying a GPS autopilot command