Eric Thayer, Chief Engineer, and Eric Sognefest, Reverse Engineer III, attended the 2022 CyberBoat Challenge at Michigan Tech in Houghton, Michigan in May.
This three-day event is designed to place college students into an accelerated environment in which they are provided the knowledge and resources to develop attacks against industry relevant target systems and jump start their careers in cybersecurity. Colorado State Universities Systems Engineering Department and other collaborators helped enable industry partners, other universities and students to come together to understand and conquer maritime cybersecurity challenges.
Industry driven cybersecurity exercises such as CyberBoat are an exciting opportunity to assist in the growth of the next generation of reverse engineers through training and mentorship. Students and mentors are placed in an environment that facilitates collaboration and creative thinking with a single end goal in mind, break the target system. The Hackathon style environment created by this challenge encourages students to identify an attack method or technique they are interested in experimenting with and then provide them with the guidance required to achieve their goal. Students investigated protocol attacks, RF message injection and jamming and even GPS spoofing to influence the behavior of the target systems. The practical experience, exposure to new targets and ability to experiment with new attack vectors made this exercise beneficial to all that attended.
While there, Sognefest presented a two-hour class to the students on the process taken to perform an assessment against an embedded target and he and Thayer served as mentors for the practicum portion, a six-hour hands on assessment on the final day of the challenge.
“This event is a great opportunity for young engineers to develop their public speaking skills, gain mentors and get on a solid path toward a successful career in cybersecurity.” said Thayer. “The challenge is in its first year but was modeled after other great challenges like CyberAuto and CyberTruck.”
The day one class agenda provided students with an understanding of the basics of ship systems and the sensors that they have aboard with classes presented by Fathom5 and Digital Silence like Maritime ICS Protocol Exploitation, Maritime Sensor Exploitation, SDR and GPS and Maritime Testbed Assessment & CTF.
Class structure for day two was focused on providing students with knowledge of the adversarial process, tools and protocols that they would need to perform their assessment on day three. Classes were led by GRIMM, Colorado State University, Fathom5, Libertas and AIS.
To prepare for their presentation on how to conduct an assessment, Thayer and Sognefest were provided access to a Sofar Spotter Buoy to perform a security assessment on. Their findings and process would then be reviewed in their presentation, ‘Hack to Hack’ the next day.
“We quickly began performing analysis of the target to identify what it was, how it worked, what its capabilities were and what aspects of the system we would be able to include into the presentation,” said Thayer. “We quickly identified firmware images for the target on the vendors site, found a diagnostic tutorial on the FAQ and managed to interact with the device via the exposed UART. We determined that the system was built on an AVR microcontroller and had a built in Iridium modem to upload collected data and take configuration/software changes. The firmware image was reverse engineered, and we were able to extract a significant amount of knowledge of the systems operation and use. These devices are primarily used as university and environmental research platforms and in-depth analysis of the exposed API and web interface showed that there was reasonable attack surface for students to learn security basics. We then incorporated screenshots, web interfaces and hardware interaction into the presentation for the next day.”
Sognefest led the ‘Hack to Hack’ presentation, detailing the process used to perform an assessment. Basic analysis approach and examples were provided using a vulnerable IoTGoat image and basic host level information gathering, recon and attack techniques. He then exposed the students to the Spotter Buoy and applied the same process to that piece of hardware, interactively walking them through the information gathering phase, searching the FCC database, browsing through the vendor’s website and basic device interaction.
The students leveraged the process during the practicum the next day by using the resources and steps outlined in the presenation.
“On the last day of the challenge, most of the activity involved helping students collect information about the target systems and formulate attacks,” said Thayer. “Students and mentors worked together on jet skis, buoys and boats to hack into the navigational and operational systems. It was a great event for students to expand their cybersecurity knowledge and experience.”
On this week’s agenda, Thayer is attending the CyberTruck Challenge being held in Warren, Michigan. AIS is a sponsor of this premier event, which brings together a community of interest related to heavy vehicle cybersecurity issues and develop talent to address those challenges.
Photos courtesy of Michigan Technological University