Newer yacht models nowadays might include IoT devices with routers and switches, which also means they can be hackable, just like any other device with an internet connection.
As Stephan Gerling of the Rosen Group demonstrated during a security summit last week, modern yachts still have a lot of openings for bad actors to potentially exploit, such as the onboard router having an unsecure FTP protocol.
A yacht’s onboard network could have a vessel traffic service device, automatic identification system, autopilot, GPS receivers, radar, cameras, depth sounders, engine control and monitoring, and more.
Since these features are connected to a network that can be controlled by an external device like a smartphone or tablet, a bad actor could target those devices to access the entire yacht.
As part of his demonstration, Gerling opened a yacht control app on tablet, phone, and desktop, which then connected to a router and downloaded an XML file that contained the entire router configuration.
This includes router credentials and the Wi-Fi SSID and password.