Dead Reckoning: Hijacking Marine Autopilots
Carson Green, Rik Chatterjee
DEF CON 33 · Day 1 · Main Stage
In "Dead Reckoning: Hijacking Marine Autopilots," Carson Green and Rik Chatterjee from Colorado State University's System Cyber Research Lab unveil critical vulnerabilities within marine autopilot systems. Their research demonstrates how a malicious firmware update, delivered over the **NMEA 2000** network, can lead to **remote code execution (RCE)** and **arbitrary CAN message injection**. The presentation culminates in a vivid demonstration of an **address claim attack**, effectively seizing control of vital marine network components.
AI review
Solid original research from two grad students who actually did the work — hardware teardown, JTAG extraction, firmware RE, protocol abuse, and a working exploit chain against a real production marine autopilot. The vulnerabilities aren't individually exotic (unsigned firmware + open JTAG is a tale as old as embedded time), but the target domain is underexplored and the end-to-end attack demonstration is credible and reproducible.