During a penetration test, the company discovered an unknown device connected to the ship’s ethernet network.
There was no trace of it in the ship’s inventory, and none of the employees knew what it was.
The device was connected to a Windows terminal located on the deck, whose brightness was so intense that the crew had covered it so as not to be annoied during the night: everyone thought that if he was there, there had to be a good reason, so the device had remained there, in plain sight.
The experts’ assessment revealed that the Windows pc had cables that connected it to the ship’s engines, some floors below: using this connections, the unknown terminal was able to operate on the main controls of the engines.
Further, on the Windows machine was installed an old (and vulnerable) version of TeamViewer, the popular remote control program.
Essentially , a ship was circulating with a remote control system that nobody knew anything about.
A huge risk, according with the report:
…this PLC was immediately adjacent to another PLC dealing with the main engine safety systems – those that handle engine slowdown and shutdown. If this triggered mistakenly, the ship could lose power. If it didn’t trigger, the engine could be destroyed.
That might seem extreme, but these shutdowns are absolutely vital. There are several triggers than need acting on very quickly to prevent catastrophic events happening – such as a crankcase explosion. Back in the day when I was a ships engineer, if my pager went off with an engine alarm, a main engine shutdown was always a possibility. I’ve had to do it once, leaving us drifting in the Straits of Malacca whilst we fixed the problem and brought the engine back online.
For example, there is a device called an oil mist detector (OMD) on the side of the crankcase, continuously sampling the air inside. If a fine mist of oil is detected above a certain level, it may mean a hotspot is vapourising oil. This oil vapour can explode.
Bear in mind this engine is bigger than a house. A crankcase explosion could destroy the main engine, or kill crew.
The unmasking of the mistery device
The investigation discovers that the Windows device had been installed a few years earlier to allow an external company to monitor fuel consumption and then had been forgotten. The collaboration with the company was over, but no one had shut down and uninstalled the remote control device.
It turned out that a third-party that no one really knew about had remote access to a box connected to the main engine.
It turns out the commercial arrangement with the third-party stopped several years ago.
Let that sink in.
A vulnerable box that no-one knew about with a direct, remote connection to the main engine
A regular reconnaissance of your company network in search of obsolete or unauthorized devices is always a good thing. Because if you don’t, someone with bad intentions could do that!