During the Monaco Yacht Show 2019, Halo’s Cyber partner conducted basic passive tests to gain a high-level view of the quality of WI-FI security controls implemented on the various yachts and security posture of the show itself.
Whilst wireless is only a small component of a yacht security, it is an area visible to people nearby and any potential attacker may be drawn to a vessel that appears to be less secured than others.
The team did not carry out any intrusive or in-depth testing as they would do under a formal penetration testing engagement, however they were able to glean interesting information about the security controls onboard by passively monitoring the airwaves.
Clients, owners, captains, crew and management companies were invited to attend a live hacking demonstration and presentation of the findings on the final day of the show. The team demonstrated how quickly they could gain complete uncontrolled access to multiple types of wireless, control and CCTV networks.
The Cyber consultants also explained (with practical examples) the best methods for reviewing and securing existing networks onboard, demonstrating the ease of use and immediate benefit of a decoy and deception system.
The tests were split into 2 sections:
- Review of the WI-FI and visible security systems protecting owners, crew, guest and automation, designed to highlight whether there are any obvious flaws that would allow unauthorised access.
- A fake deception system was deployed on the show WI-FI with enhanced monitoring of security activity. This was designed to highlight if anyone else is running any security reconnaissance and attempting to hack systems at the show.
NB: Privacy note – The test team did not specifically target any one vessel or include any data/screenshots highlighting the identification of vessels, onboard systems, crew or owners.
For further information and for a confidential chat, please call one of the team: +44 (0) 1252 915 315 or email: info@halogroupsecurity.com
