In June, in international waters some 30 miles off the coast of Italy, the White Rose of Drachs began to drift starboard.
Inexorably, the $80 million, 65-meter luxury super-yacht yielded its GPS-determined course until it was under complete control by hijackers.
No alarms went off.
As far as the ship’s GPS equipment was concerned, the signals it was getting were authentic, and once a location discrepancy was reported by the ship’s navigation system, a course correction was initiated by the crew.
But those signals were not authentic, and the ship was not on course.
The signals were in fact being sent from the White Rose’s upper deck by University of Texas/Cockrell School of Engineering graduate students Jahshan Bhatti and Ken Pesyna.
A team from the school had been invited aboard while the White Rose sailed from Monaco to Rhodes, Greece, on the Mediterranean Sea.
Using a blue box about the size of a briefcase, the duo spoofed the ship’s GPS signals, sending counterfeit signals that slowly, subtly overpowered the authentic GPS signals until the ship ultimately came under their control.
If this sounds familiar, it’s because students from this engineering school did the same thing to a drone last year.
In May 2012, the engineering students tried out their $1,000 spoofer, which they had cobbled together in response to a dare from the US Department of Homeland Security (DHS).
Under the direction of Assistant Professor Todd Humphreys, who is now working for the Department of Aerospace Engineering and Engineering Mechanics, the students last spring managed to hack and hijack a drone with what Humphreys at the time said was the most advanced spoofing device ever.
Both the drone and yacht hijackings were designed to shed light on the perils of navigation attacks, serving as evidence that spoofing is a serious threat to marine vessels and other forms of transportation.
In plain English, that means that hackers can send drones smashing, say, into our skulls.
After the students had gained control of the ship’s navigation system, the team planned to coerce the ship onto a new course with subtle maneuvers that positioned the yacht a few degrees off its original course.
When the ship’s navigation system detected the location discrepancy, the crew corrected the course – at least, they thought they did.
In reality, their course corrections were setting the ship slightly off its course line.
The attack is portrayed in this video posted on Monday by the school.
According to a writeup from the school, inside the yacht’s command room, an electronic chart showed its progress along a fixed line.
On deck, however, passengers could detect “a pronounced curve showing that the ship had turned,” the school reported.
Humphreys said that the ship actually turned – a movement that all could feel – but the chart display and the crew “saw only a straight line.”
The yacht had been nudged onto a parallel track hundreds of meters from its intended course.
Chandra Bhat, director of the Center for Transportation Research at UT Austin, said that the experiment highlights the vulnerability of the transportation sector to such attacks:
“The surprising ease with which Todd and his team were able to control a (multimillion) dollar yacht is evidence that we must invest much more in securing our transportation systems against potential spoofing."
Humphreys said that the experiments are applicable to other semi-autonomous craft that are now operated, in part, on autopilot.
The demonstrations are part of an ongoing research project supported by the university’s Wireless Networking and Communications Group through an Industrial Affiliates program.
DHS has been attempting to identify and mitigate GPS interference through its Patriot Watch and Patriot Shield programs, but the effort has been deemed poorly funded, was still in its infancy as of June 2012, was mostly geared toward detecting GPS hackers using jammers instead of spoofers, and, judging by the results of the successful yacht takeover, hasn’t to date produced much change in the vulnerabilities of GPS.
Now, in addition to worrying about hackable juggernauts flying over us in the form of drones, we can worry about autopilot superyachts being yanked like puppets on strings by pirates, careening off course, or being used as weapons.
Would one call those hackable aquanauts?Follow @NakedSecurity