Ken Munro, a consultant at Pen Test Partners, said system vulnerabilities and “poor security hygiene” — such as leaving administrator passwords as default, could allow a hacker to change a ship’s course, make the ship appear to jump position or make it appear to be bigger than it really is.
He said using these techniques a hacker could trigger another ship’s collision alarm, invariably causing the ship’s captain to take action.
“It would be a brave captain indeed to continue down a busy, narrow shipping lane whilst the collision alarms are sounding. Block the English Channel and you may start to affect our supply chain,” he said.
Writing on the Pen Test Partners blog, Munro said ship security was “in its infancy” and many of the vulnerabilities he found had been fixed in “mainstream IT systems” years ago.
