The purpose of taking a cruise is to relax and enjoy some much needed time off from the day to day grind. Like most people taking a vacation, there is not much thought put in to how the cruise ships operate or how secure your stored information is on the ship. In this assessment, three major cruise lines have been evaluated in several different areas over the last 10 years including social engineering, internet cafe security, physical security, wifi vulnerabilities, segregation of passenger network from operations network, financial transactions, and more. Some vulnerabilities are simple hacks to allow one to obtain free wifi without detection, some are more complex that allow one to explore the ship in more obscure ways. In this presentation, successes and failures of hacking the high seas will be discussed.
Chad M. Dewey is a Computer Science and Information Systems instructor at Saginaw Valley State University in Michigan. With a background in network and information security, and his interests including all things security, he takes a particular interest in the security of IoT such as medical equipment, automobiles, cruise ships, and other "weird stuff".