Please select your home edition
Edition
Sail Exchange 728x90 1

AIS concern - serious vulnerability to hacking

by Tom Simonite, Technology Review/Sail-World on 20 Oct 2013
AIS data could be vulnerable SW
That AIS system you have such faith in may not be so secure after all. Hundreds of thousands of vessels, including many sailing boats worldwide, rely on the Automatic Identification System (AIS) for sharing vessel movements. Now the system has shown to be easily vulnerable to hacking.

Researchers have announced at a conference in Kuala Lumpur that they have found that it is possible to cause fake vessels to appear, real ones to disappear, and to issue false emergency alerts using cheap radio equipment.

Researchers with the computer security company Trend Micro discovered the problem, which stems from a lack of security controls in AIS, a system used by an estimated 400,000 vessels worldwide.

AIS is an easy target because the signals don’t currently have any authentication or encryption mechanism, making it simple to use software to craft a signal designed to do mischief, says Marco Balduzzi, Trend Micro researcher. 'All the ships out there are affected by this problem; it’s not tied to the hardware but to the protocol.'

International Maritime Organization rules make AIS mandatory on passenger vessels and on cargo ships over a certain size. Lighthouses, buoys, and other marine fixtures also transmit their location using the system.

'We were really able to compromise this system from the root level,' says Kyle Wilhoit, a researcher with Trend Micro’s Future Threat Research team. By purchasing a 700-euro piece of AIS equipment and connecting it to a computer in the vicinity of a port, the researchers could intercept signals from nearby craft and send out modified versions to make it appear to other AIS users that a vessel was somewhere it was not.

Using the same equipment and software, it is possible to force ships to stop broadcasting their movements using AIS by abusing a feature that lets authorities manage how nearby AIS transmitters operate. AIS transmissions could also be sent out that make fake vessels or structures such as lighthouses or navigational buoys appear, and to stage spoof emergencies such as a 'man in the water' alert or collision warning. No direct attacks were staged on any real vessels.

The researchers showed that their spoof signals were faithfully reproduced on the maps provided by online services that monitor AIS data.

One online service was fooled into showing a real tugboat disappearing from the Mississippi and reappearing on a Dallas lake, and (see photo left) depicting a fake vessel traveling off Italy on a course that spelled out the hacker term for a compromised system: 'pwned.'

Ships and marine authorities also use radar to detect other vessels and obstacles. But AIS was introduced as an easier and more powerful alternative, and people have come to rely on it, says Wilhoit. Balduzzi and Wilhoit collaborated on the research with independent Italian security researcher Alessandro Pasta, and presented their findings at the Hack In the Box security conference in Kuala Lumpur on Wednesday.

The researchers attempted to notify several international marine and communication authorities, but only received a response from the International Telecommunications Union, a United Nations agency that deals with global communications policy. 'They seem to be on board with changing the protocol,' says Wilhoit, 'but it’s one of those foundational problems that will take time to fix.' AIS equipment has the protocol built in, so rolling out an improved form of AIS requires replacing existing equipment.

Even deciding on how to update the AIS protocol and regulations could take some time. The International Maritime Organization, another U.N. agency, is the international authority most directly responsible for AIS design and use, but a spokesperson, Natasha Brown, told MIT Technology Review that she was not aware that any research on AIS security had been presented to the agency. 'This issue has not been formally raised at IMO, so there has been no [internal] discussion or IMO recommendations or guidance.'

Only a formal paper submitted via a government with IMO membership or an organization with consultative status would lead to any response, said Brown.

So if you were just about to upgrade your AIS system, it might be wise to wait until the protocol is changed - or at least until we find how long that will be...

Thanks to the www.oceancruisingclub.org!Ocean_Cruising_Club, the world-wide club for cruising sailors, for the notification about this news, and more information can be obtained about Trend Micro by http://www.trendmicro.com!clicking_here.

Protector - 660 x 82Barz Optics - Melanin LensesSail Exchange 660x82 New Sails

Related Articles

Sixteenth blog from on board Perie Banou II - en route Panama
Still here, parked day or two, Cane Garden Bay BVI. Wonderful Bay, nice beach restaurants and bars. Still here, parked day or two, Cane Garden Bay BVI. Wonderful Bay, nice beach restaurants and bars. On the main Island Tortola. ‘Road Town’, the capital of British Virgin Islands is on the other side of the Island. To get from Cane Garden to Road Town (by taxi) is over hills. Big hills. With much vegetation.
Posted today at 4:51 am
Debbie says the 8thP with Insurance is Patience (Pt.II)
We’re back to keep exploring the nature of TC Debbie and how she came to tell us about the eighth P of insurance We’re back to keep exploring the nature of TC Debbie and how she came to tell us about the eighth P of insurance. We looked at what it was like to come into a disaster zone and now we see the evidence of those that did the right thing, and how the area is already on the road to recovery.
Posted on 25 Apr
Fifteenth blog from on board Perie Banou II - BVIs
I am on the yacht. Back on air with the iridium. Paul Stratfold, with his partner Shiralee, plus owner and his friend I am on the yacht. Back on air with the iridium. Paul Stratfold, with his partner Shiralee, plus owner and his friend (another Paul from Hawaii). Are on the specially constructed 60ft catamaran named 'Gizmo'. Carbon fibre hull, carbon fibre mast, carbon fibre rigging, carbon fibre sails. There are no turnbuckles with the rigging (holding the mast up). Just Dyneema lashing.
Posted on 19 Apr
Debbie says the 8thP with Insurance is Patience
This all stems from the learnings in the widely read, ‘Debbie says there are 7 Ps and 1 C with insurance’. This all stems from the learnings in the widely read, ‘Debbie says there are 7 Ps and 1 C with insurance’. As time unfolds some more, we learn that indeed there are a lot of reasons you need to apply patience with both your dealings with your insurance company, and also all the many trades that are working feverishly to get all the jobs done.
Posted on 19 Apr
Fourteenth blog from on board Perie Banou II - British Virgin Isles
32 days back I departed the British Island of Saint Helena. Clearing port, customs, immigration simple. Jon has arrived in the BVI ahead of his estimated arrival. He had somehow managed to completely disconnect from the on-board communication system that they set up for him, and as a result we didn't have communication with him while he was at sea. of course, that is nothing strange for Jon, and perhaps he wanted it to be more like his circumnavigations of old? Hmmmm.... Accidentally on purpose?
Posted on 12 Apr
A very difficult day - Got fuel to Cape Town
Well after my dismasting I have spent the last two days motoring North towards Cape Town trying to collect myself Well after my dismasting I have spent the last two days motoring North towards Cape Town trying to collect myself and to intercept Hong Kong container ship M/V Far Eastern Mercury who had been diverted by Maritime Rescue Coordination Center Cape Town (MRCC Cape Town) when I had issued a Pan-Pan during my dismasting.
Posted on 8 Apr
Debbie says there are 7Ps and 1C with Insurance
Debbie says there are 7Ps and 1C with Insurance If you have been on the planet or around boats long enough, you’ll know all about the 7Ps. The one ‘C’ mentioned here refers to consequence, and in the legalese that surrounds insurance, it gets applied distinctly to consequential damage. We’ll come back to all of that in a while, but for now, our mission is to look at the consequences of actions prior to TC Debbie making landfall.
Posted on 5 Apr
Lisa Blair heads to Cape Town under motor following dismasting
A PAN PAN was called at 0300 (AET) / 1900 (SAST) signalling an urgent threat to her safety and this remains in place. Lisa Blair has assessed the damage to her yacht, Climate Action Now, after being dismasted 895 nm south of Cape Town in 40 knot winds and seven metre swells early in the morning of April 4, 2017. She made a PAN PAN call over the radio at approximately 0300 (AET) / 1900 (SAST) signalling an urgent threat to her safety and this remains in place.
Posted on 4 Apr
Queensland Cyclone – Hamilton Island faces massive five-month rebuild
Hamilton Island chief executive Glenn Bourke yesterday told almost 600 staff of the massive task ahead to clean-up Hamilton Island faces a massive five-month rebuild but will partly reopen for business next Saturday after “all hell broke loose”. Exclusive pictures obtained by The Sunday Mail shows the “apocalyptic” scale of destruction to privately owned homes, luxury hotels and yachts at ground zero in the cyclone-ravaged Whitsundays.
Posted on 2 Apr
Ex-Tropical Cyclone Debbie tracking southwards today, bringing rain
Heavy rain and flooding is expected as Ex-Tropical Cyclone Debbie moves south-east. Heavy rain and flooding is expected as Ex-Tropical Cyclone Debbie moves south-east. A Flood Watch has been issued for coastal catchments between Gladstone in Queensland and Bellingen in northern New South Wales. The Flood Watch extends inland to parts of the Central Highlands and Coalfields, Central West, Maranoa and Warrego, Darling Downs and Granite Belt forecast districts...
Posted on 29 Mar