Learn how to exploit critical vulnerabilities in marine autopilot systems through this DEF CON 33 conference talk that demonstrates a sophisticated attack chain targeting commonly used autopilot computers. Discover how unsigned firmware can be pushed through trusted update channels, including SD cards and NMEA 2000 networked chart plotters, without any authentication or cryptographic validation. Explore the creation of malicious '.swup' files that can be accepted by autopilot systems to achieve persistent code execution and enable arbitrary CAN bus injection on marine control networks. Follow the complete attack methodology, including firmware extraction techniques, reverse engineering of firmware and CAN subroutines, and firmware repackaging processes, and observe live demonstrations of effects on NMEA 2000 networks. Understand how this attack leverages trusted firmware delivery mechanisms via chart plotters over NMEA 2000 networks without requiring physical access to the autopilot hardware, making it particularly dangerous for air-gapped marine systems. Gain insights into how firmware-level control in marine environments can be exploited to disrupt critical navigation subsystems, with attack vectors reminiscent of the removable-media delivery methods used in other air-gapped environments.