I'm the Captain Now! presented at 44CON2022 2022

by Cybergibbons ,

Summary : When I first watched Hackers in 1998, the idea of being able to remotely control ships seemed rather fanciful. After working on container ships as an engineer in the mid-2000s, it seemed every more unlikely. We didn’t have a full-time Internet connection and all the vital systems were truly air-gapped. But things have changed – ships are becoming more and more connected and complex.
As a result, 15 years later, I found myself sat in my pants on the sofa with the ability to control the steering on one of the world’s largest cruise ships. We’ve been able to brick every PLC across tens of oil rigs, pay for food as the captain, and write rude words on the side of the ship.
To get to this point, we had to go on a learning voyage across tens of different vessels, including offshore support tugs, super yachts, oil rigs and container ships. Join me on a whistle stop tour of what’s on a ship, how it’s all connected together, what threats there are and how we find the vulnerabilities. Lots of little tips and tricks that can help anyone examine industrial control systems, understand how they work, and then have a lot of fun with them!