'

Maritime navigation hack has potential to wreak havoc in English channel

A common navigation system used in the maritime industry could be exploited to cause chaos, a researcher has warned.

screen-shot-2018-06-08-at-12-01-05.jpg
File Photo

A researcher has warned that threat actors are able to compromise common maritime navigation systems to potentially cause chaos in the shipping industry.

As reported by the BBC, security researcher Ken Munro from Pen Test Partners has discovered that a ship navigation system called the Electronic Chart Display (Ecdis) can be compromised, potentially to disasterous effect.

Ecdis is a system commonly used in the shipping industry by crews to pinpoint their locations through GPS, to set directions, and as a replacement to pen-and-paper charts.

The system is also touted as a means to reduce the workload on navigators by automatically dealing with route planning, monitoring, and location updates.

However, Munro suggests that a vulnerability in the Ecdis navigation system could cause utter chaos in the English channel should threat actors choose to exploit it.

TechRepublic: How Norway's $25 million 'Tesla of the Seas' aims to take autonomous shipping off-road

The vulnerability, when exploited, allows attackers to reconfigure the software to shift the recorded location of a ship's GPS receiver by up to 300 meters.

This does not sound like much, but on routes that are congested with maritime vehicles, this may be enough to cause collisions -- especially when the weather and overall visibility is poor.

Munro added that the software could also be tampered with to make ships appear to be larger than their true mass.

If the software, used by many modern ships, begins to sound off alarms based on incorrect ship sizes and locations, this could cause enough disruption to prevent the English Channel's traffic from flowing smoothly.

While the public details of the bug and exploit have been limited at present to protect ships and their crews, the researcher did demonstrate his findings in a demo at the Infosecurity Europe exhibition in London this week.

"There are really basic steps that can be taken to prevent this from happening," Munro told the publication. "In our experience, security on board ships is often dire."

CNET: Sails and subs: A tour of the San Diego Maritime Museum

However, for threat actors to disrupt shipping lanes to such an extent, the Channel Navigation Information Service -- which monitors maritime traffic -- would need to be caught off-guard.

According to experts at the University of Plymouth's Maritime Cyber Threats group, it would take a "cascade of effects" to bring the English Channel to a halt, and quick alerts from the agency could mitigate the damage of such events.

An attack of this magnitude would, in theory, be difficult to pull off successfully. However, the maritime industry cannot sit on its laurels when it comes to cybersecurity -- with threats not only appearing locally but worldwide.

In April, researchers uncovered a hacking ring from Nigeria which targets maritime firms. Dubbed Gold Galleon, the group has been tracked intercepting business emails between shipping companies in an attempt to steal millions of dollars every year.

See also: Gold Galleon hackers target maritime shipping industry

Previous and related coverage