Android based Chart-plotters – rant

Hacked Android Robot asking for Bitcoin

The last couple of years have seen growth in mainstream navigation hardware providers using Android™ as the “base operating system” (OS) running their current chart plotters / MFDs. In my opinion it is a security risk if not managed carefully.

I for one – do not appreciate that trend. Having worked with MANY products in other categories based on Android – they all fail for ONE single reason. 

Products do not get updated with latest versions of the Android operating system. 

They might get OS upgrades a year or two after initial release but then the updates stop. No OS updates and very few security patches.

Why is Android a problem?

It is a huge problem as the Android operating system is very complex – it is ALWAYS full of bugs. As Android is very widely used – bugs become public knowledge very quickly. And bugs are “security holes” that could lead to complete disruption from external sources. The more public the bugs are – the larger the risk of “contamination” as malicious actors run automated “scanners” for known vulnerabilities.

And as Internet connectivity is spreading on boat connections, usually without real firewall protection, the risk increases dramatically.  You connect your Android plotter to Wi-Fi at the marina with malicious actors running it – and it is like standing outside on a cold windy day with drizzly rain. It is not a good feeling. 

Security by Obscurity

Many “chart plotters” usually use semi-custom operating systems – systems like QNX Realtime or similar. As they are less known, they are less of a target, just like “MacOS” used to be. (Yes, used to be….). As they are less “known” targets – it is not as rewarding for bad actors to scan for those security issues. Scanning takes time and resources. So they are safer by obscurity.

That all changes with Android OS based chart-plotters. With autopilot control integrated into many chart plotters – we are only a short step from complete havoc in a marina when 8 boats start to do the Wave-top tango by themselves – controlled by malicious actors. Or your display shows “Send me a bitcoin to be able to turn on your engine and unscramble your electronics equipment!”

I do know why Android is used. It cuts down development cost and licensing. And it gives small teams opportunity to include features like 3rd party Apps and Google PlayStore so you can run “Angry Boats” on your chart-plotter. It also means your plotter might be able to run Netflix in which case your kids will take charge, drain your boat batteries, while you don’t know where in the world your boat is heading. The future is now!

In short – if you buy an Android based chart-plotter – it might be a great time to learn Astro navigation. 

Future review standards for Android Chart-plotters

Simrad NSX – According to booth staff @ SH Boatshow 2022 – it is Android based.

Future reviews here will automatically deduct 20-30 percentage points for chart plotters based on Android unless there is a written guarantee of 3-5 years (estimated lifetime) of full major version OS updates, or of 3 years of major version OS updates plus 5-7 years of security updates.

Every Android based chart-plotter tested will carry a big lettered WARNING on the article unless the manufacturer publicly discloses the OS lifetime and update policy. (We have a couple of Android based chart-plotters under test at the moment.)

I have written favourably about the Orca Core & Display 2. The Display 2 is Android based and I hope Orca will support future Android releases. Sadly it is already now delivered with Android 11 where Android 12 is the current. But it is better than quite a few other offerings. But Orca have indicated they will have an Android 12 update – hopefully before the Android 14 release in the autumn. And I hope Orca will push their supplier for major version OS updates going forward.

Protect yourself

If it was not time before – it is for certain time now. Time to consider what kind of protections you should have on your boat network.

I recommend a firewall as a minimum for all outgoing Wi-Fi or 3G/LTE/5G. I would also consider disabling all built-in Wi-Fi on chart-plotters and other 3rd party devices – and running them via ethernet through a router that has firewall capabilities for suspicious traffic even on the internal network. I’m collecting data now for potential secure network router/firewalls that are boat friendly.

A few examples from other industries: 

Here is a link to Android OS Releases that includes last OS updates and last “security updates/patches” – currently Android 10 received security updates in February 2023 but any Android OS older than v10 – is in our opinion outdated and should not be connected to any network where breaches can be a problem. That includes your home network or your boat network. So please PUSH your device manufacturers to UPDATE their Android OS’s for as long as possible.

And before you buy a chart-plotter or other marine device based on Android – get the manufacturer to disclose their update policy in writing.
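A check that applies the rule above (nothing older than Android 10 on a network that matters) to the build properties a device reports. This is an added example, not code from this article or any manufacturer; it assumes you can get `getprop` output off the device (for example over `adb`, which many plotters will not expose), and the 365-day patch-age limit and the sample dumps are constructed for illustration.

```python
import re
from datetime import date

# Threshold taken from the article: anything older than Android 10 is treated
# as outdated and should stay off networks where a breach matters.
MIN_RELEASE = 10
# Assumption (not from the article): a patch level older than this many days
# is reported as stale.
MAX_PATCH_AGE_DAYS = 365

PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<val>[^\]]*)\]\s*$")

def parse_getprop(text):
    """Parse `getprop` output lines of the form `[key]: [value]` into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props

def assess(text, today):
    """Return (verdict, reasons) for one device's getprop dump."""
    props = parse_getprop(text)
    reasons = []
    release = props.get("ro.build.version.release", "")
    major = re.match(r"\d+", release)
    if not major:
        reasons.append("Android release unknown")
    elif int(major.group()) < MIN_RELEASE:
        reasons.append(f"Android {release} is older than {MIN_RELEASE}")
    patch = props.get("ro.build.version.security_patch", "")
    try:
        age = (today - date.fromisoformat(patch)).days
        if age > MAX_PATCH_AGE_DAYS:
            reasons.append(f"security patch {patch} is {age} days old")
    except ValueError:
        # Old builds may not expose a patch level at all; treat as a finding.
        reasons.append("no security patch level reported")
    return ("ISOLATE" if reasons else "OK", reasons)

# Constructed sample dumps (not captured from real devices).
OLD_DEVICE = "[ro.build.version.release]: [7.1.2]\n[ro.product.model]: [example-a]\n"
NEWER_DEVICE = ("[ro.build.version.release]: [11]\n"
                "[ro.build.version.security_patch]: [2023-01-05]\n")

if __name__ == "__main__":
    for name, dump in (("old", OLD_DEVICE), ("newer", NEWER_DEVICE)):
        print(name, assess(dump, date(2023, 3, 1)))
```

A device that comes back `ISOLATE` belongs on a separate, firewalled network segment rather than on the same network as the rest of the boat's electronics.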

Leica BLK3D

Leica BLK3D stuck on Android 7.1

Leica’s BLK3D is a smart 3D image taking and measurement machine. Sadly, the built-in Android OS was already obsolete when the BLK3D was released to the public. BLK3D is still sold and still runs Android OS 7.1 (Google just announced Android OS v14 with beta starting April 2023) – I do not connect it to my private network – but run it off a completely isolated network.

LifeFitness with SE3/SE3HD consoles.

LifeFitness SE3HD Console – Android 5.1

LifeFitness is one of the largest fitness equipment makers in the world. The most modern consoles, the SE3 and SE3HD, are Android based – and run… Android 5.1! Yes, we are talking about an 8 YEAR old OS powering the latest and greatest treadmill.

So, an OS even 2 years older than the Leica BLK3D’s. (1 version number increase per year roughly). If you connect that to your network – you are putting all other devices at risk. Android 5.1 has some serious security issues even with ALL security patches installed.

Samsung Phones

Samsung have been one of the absolute worst at providing updates to their phones. You used to be LUCKY to get any updates 6 months post release. Now Samsung is doing slightly better – but expect your phone to be a security risk after 2 years. But then you must live with a massively bloated Android installation that often takes ½ the advertised storage capacity of the phone. Expert users can “root” their phones and install “clean new” versions of Android – but that is not for the masses.

Apple iDevices

While not Android based – Apple have huge market penetration as well. But Apple does better – Apple usually maintains their devices with Major OS updates for 5-8 years. That is how it should be done as a minimum.

** Android™  is a trademark of Google LLC
