Abstract
In this talk, we detail how a ship could be hacked and taken over by an attacker (remote or local). The title is a reflection of the lack of any cybersecurity aboard most vessels that are currently out at sea, and yes, the time we took control of a few dozen ships.
There is plenty of existing research and articles that allude to this being possible. We have, however, not seen anyone manage to demonstrate this end-to-end. Our contribution is to demonstrate that an external, unauthorised, and unauthenticated attacker can gain access to a ship’s safety-critical systems. Once this is done, the attacker can complete the takeover of the vessel and possibly sink/damage it. This isn’t just a collection of news articles stating that this could happen. Rather, this is us proving that this will happen, if it hasn’t happened already!