Last week I read a post by Pen Test Partners about how container ships could be hacked via the container load plan (aka ship planning system or stowage plan) which determines where containers are placed on oceangoing vessels. By messing with the computer models, an attacker could delay unloading of certain containers by days or weeks or even cause a ship to capsize.
For the container ships, there are multiple attack vectors, including the fact that the weight data is transferred by USB and email. But it wasn’t hard to imagine how compromised IoT could lead to similar disasters.
Imagine weight sensors on a ship being set to randomly over or underreport containers’ combined weight. You could end up with one side of the ship grossly overweight, and the crew being unaware of the problem until it’s too late.
Or, in cargo vessels carrying chemicals, fuel, or LNG, what would happen if temperature, pressure, and leakage sensors were compromised? Scary.
Similar exploits can be applied to other types of cargo-carrying vehicles, from airplanes to tanker trucks. And we know that hacking IoT sensors can (and will) happen, thanks to Mirai.
There are other dimensions to the IoT security picture when it comes to cargo:
- The trend toward autonomous vehicles — many factories and mining operations already use them, and Tesla’s futuristic big rig shows what might be coming down the road in a few years’ time.
- It’s difficult to monitor a cargo ship in the middle of the ocean or a truck on a remote stretch of highway, let alone apply patches in an emergency situation.
- Spending on IoT security lags compared to other other enterprise/industrial investments in IoT.
Added up, these trends are cause for worry. No major incidents have happened yet (that we know about, at least) but it’s inevitable unless managers and manufacturers take steps to secure transport-associated IoT.
In the transportation/cargo space, IoT vulnerabilities may have a far greater impact beyond the entities victimized by a hack. And it’s not just the transportation industry that has to deal with the security implications of an IoT hack. Basically, if your company has vehicles with sensors and connectivity, including forklift or fleet vehicles, they need to be evaluated, secured, monitored, and patched just like any piece of IT hardware or expensive metal on the factory floor.
Image source: DepositphotosThis is an excerpt from Priority Payload Report.