Originally published at: https://boingboing.net/2018/12/13/floating-computers.html
…
Would love to post the Hackers movie clip of the DaVinci worm infecting an oil ship, but alas having trouble finding anything related to it. So, this will have to do as my reference.
Sure…though they also transport material goods.
Came for the DaVinci worm, all appears shipshape and Bristol fashion.
And it has cargo on board too.
It’s disappointing that they call out the transport (USB) as an issue, rather than poor security and access controls. This will make someone say “Get rid of the USB!” - and then they will get infected via other mechanisms. HARDEN YOUR SYSTEMS. Defense in depth. Or this will keep happening no matter what transports you ban.
“Sir, we’re potentially at risk of hundreds of millions of dollars in damages and lost shipment liability. Should we look into tightening security?”
“That’s what we have insurance for, Johnson. We’d have to pay thousands, tens of thousands!, for that. Some day you nerds will understand business like me.”
Instead of trying to prevent everyone onboard from possessing USB devices, how about protecting the USB ports?
Is the solution to switch from technicians with USB drives to technicians with some other just as vulnerable vector for patching? Maybe the issue is the technicians, not their choice of USB technology.
I’m surprised how insecure USB really is. Shouldn’t operating systems treat USB storage simply as data, and not allow USB to install malware? But of course USB can be other things than data, like all sorts of devices. Maybe this is inherent to a standard that can do everything.
There can still be defenses (such as penteract disguised keyboard detector) to block BadUSB devices. Computers shouldn’t be so vulnerable.
I believe that every OS that wasn’t Windows did exactly that.
There have been some subtler mishaps since (and some disquieting reports about the quality of some of the firmware living below the OS’ notice); but Windows hasn’t been a naive enthusiast of autoexec.bat in a while.
The trouble tends to be that it’s a lot easier to ‘air gap’ something than it is to make it capable of useful autonomous operation; so the malware media are frequently being deliberately connected and run to update software or feed data into software that really ought to have been updated and can’t safely handle maliciously crafted inputs.
I don’t doubt that there are some systems where the exposure is sheer laziness; someone couldn’t be bothered to disconnect the ports or set the appropriate driver restrictions; but the bigger menace is stuff that is treated as secure because it’s air gapped; but sufficiently reliant on connectivity that it has a de facto sneakernet connection. Locking things down, at least against people without unsupervised physical access, is relatively easy. Building systems that can operate in isolation, and so can be locked down without crippling them, is harder; sometimes impossible even in principle.