Real Exploits, Testbed Validation, Policy Gaps in Maritime Connectivity
Juwon Cho
Policy @ DEF CON 33 · Day 1 · Policy @ DEF CON
In an era of increasing digitalization and autonomy for modern vessels, the talk "Real Exploits, Testbed Validation, Policy Gaps in Maritime Connectivity" by Juwon Cho and his team sheds critical light on the severe cybersecurity vulnerabilities present in maritime satellite communication systems, specifically **Very Small Aperture Terminals (VSETs)**. This presentation, delivered at Policy @ DEF CON, goes beyond theoretical discussions, demonstrating practical exploitation paths from a ship's VSET to its crucial operational technology (OT) systems, including PLCs and HMIs, capable of causing physical damage and disrupting vessel operations.
AI review
A genuinely solid piece of applied security research that earns its place at DEF CON by doing the actual work: firmware rehosting, real CVEs against named vendors, zero-days in commodity network hardware, and a five-level testbed that validates a full VSET-to-PLC kill chain. The policy framing fits the Policy @ DEF CON track and doesn't dilute the technical core. Minor reservations around the student-team execution polish and the fact that some of the policy recommendations are fairly standard hygiene, but the primary research contribution is real and the demo is damning.