
Hack A Vessel: Warnings Over Serious Flaws In Shipping Industry Comms

Researchers have warned of gaping security holes in one of the shipping industry’s communications standards that leave vessels in danger of hacks from pirates or terrorists.

The vulnerabilities, discovered by Trend Micro researchers Kyle Wilhoit and Dr. Marco Balduzzi, working with independent researcher Alessandro Pasta, were resident in the Automatic Identification System (AIS), a vessel tracking system used by all commercial ships weighing over 300 metric tons.

Shipping hacks

A first set of flaws was found at the AIS Internet providers that collect AIS data and distribute it publicly. Attackers could intercept the data and manipulate it to change the apparent position, course, speed and name of the ship, amongst other details.

They could even create fake vessels, buoys, lighthouses and marine aircraft such as search and rescue helicopters.

There were also flaws in the AIS protocol itself, which was “designed with seemingly zero security considerations”, according to Trend. These could allow an attacker to impersonate a marine authority and permanently disable the AIS system.

“This can also be tagged to a geographical area e.g. as soon as ship enters Somalia sea space it vanishes off AIS, but the pirates who carried out the attack can still see it,” Trend Micro said in a blog post.

Amongst the specific vulnerabilities in AIS were lack of authentication and zero validation to check where a message came from. Everything was sent in unencrypted and unsigned form, meaning intercepting and tampering were effortless.

It would be cheap for the attacker too. “While all the attacks we described above were carried out in our dedicated test lab setup – where we used specific software defined radio equipment – we have also proven that an attacker is able to carry out such attacks using a modified standard, easy to obtain VHF radio which costs approximately €150,” Trend added.

The company disclosed its findings to all the relevant parties, but said it would be difficult to fix the deep-seated problems with AIS. It would need to be updated across all vessels, whatever the cost, Trend added.

Earlier this year, Claudio Guarnieri, a researcher at Rapid7, showed TechWeekEurope how he was able to track naval vessels using very similar techniques. After just four hours of work, he was able to track 34,000 boats, many belonging to law enforcement and national governments, thanks to flaws in communications between ships.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • Clearly the authors have no idea about the shipping industry or AIS itself. AIS was designed as an aid to avoid ship to ship collisions and has to be used in conjunction with radar and other methods.

    AIS itself only has a range of 12-40nm (VHF range), so vessel tracking for security reasons is done using satellite systems such as Inmarsat C. The data from the Satellite receiving stations to the end users (Security centres) can be encoded using SSL etc.

    Yes the system can be spoofed as can GPS, but it's only an aid and is NOT and has NEVER been designed to be secure nor does it need to be.

    As for the comment about using a £150 radio is just plain stupid, the amount of work required is going to be enormous to implement a full AIS transponder from that. Possible, but it would be easier to purchase a proper AIS transponder. How useful that would be anyway is debatable plus the offenders position would be known to security forces straight away - it's a radio transmission!

  • I second Brian M and his explanation. This is just Trend Micro trying to gather trending. I would think it not worthy of publishing personally. Enough FUD around as it is.
