AI Engineer - Learn how to integrate AI into software applications
Build AI Apps with Azure, Copilot, and Generative AI — Microsoft Certified
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Learn how to exploit critical vulnerabilities in marine autopilot systems through this DEF CON 33 conference talk that demonstrates a sophisticated attack chain targeting commonly-used autopilot computers. Discover how unsigned firmware can be pushed through trusted update channels including SD cards and NMEA 2000 networked chart plotters without any authentication or cryptographic validation. Explore the creation of malicious '.swup' files that can be accepted by autopilot systems to achieve persistent code execution and enable arbitrary CAN bus injection on marine control networks. Follow the complete attack methodology including firmware extraction techniques, reverse engineering of firmware and CAN subroutines, firmware repackaging processes, and observe live demonstrations of effects on NMEA 2000 networks. Understand how this attack leverages trusted firmware delivery mechanisms via chart plotters over NMEA 2000 networks without requiring physical access to the autopilot hardware, making it particularly dangerous for air-gapped marine systems. Gain insights into how firmware-level control in marine environments can be exploited to disrupt critical navigation subsystems, with attack vectors reminiscent of removable media-style delivery methods used in other air-gapped environments.
Syllabus
DEF CON 33 - Dead Reckoning: Hijacking Marine Autopilots - Carson Green & Rik Chatterjee
Taught by
DEFCONConference