sail-world.com
 
 
News Home Photo Gallery Cruising Australia Cruising USA Cruising Canada Boats for Sale Sail-World Racing FishingBoating
Video Gallery Newsletters
Sail-World.com : AIS concern - serious vulnerability to hacking
AIS concern - serious vulnerability to hacking


'AIS data could be vulnerable'    .

That AIS system you have such faith in may not be so secure after all. Hundreds of thousands of vessels, including many sailing boats worldwide, rely on the Automatic Identification System (AIS) for sharing vessel movements. Now the system has shown to be easily vulnerable to hacking.

Researchers have announced at a conference in Kuala Lumpur that they have found that it is possible to cause fake vessels to appear, real ones to disappear, and to issue false emergency alerts using cheap radio equipment.

Researchers with the computer security company Trend Micro discovered the problem, which stems from a lack of security controls in AIS, a system used by an estimated 400,000 vessels worldwide.

AIS is an easy target because the signals don’t currently have any authentication or encryption mechanism, making it simple to use software to craft a signal designed to do mischief, says Marco Balduzzi, Trend Micro researcher. 'All the ships out there are affected by this problem; it’s not tied to the hardware but to the protocol.'

International Maritime Organization rules make AIS mandatory on passenger vessels and on cargo ships over a certain size. Lighthouses, buoys, and other marine fixtures also transmit their location using the system.

'We were really able to compromise this system from the root level,' says Kyle Wilhoit, a researcher with Trend Micro’s Future Threat Research team. By purchasing a 700-euro piece of AIS equipment and connecting it to a computer in the vicinity of a port, the researchers could intercept signals from nearby craft and send out modified versions to make it appear to other AIS users that a vessel was somewhere it was not.

Using the same equipment and software, it is possible to force ships to stop broadcasting their movements using AIS by abusing a feature that lets authorities manage how nearby AIS transmitters operate. AIS transmissions could also be sent out that make fake vessels or structures such as lighthouses or navigational buoys appear, and to stage spoof emergencies such as a 'man in the water' alert or collision warning. No direct attacks were staged on any real vessels.

The researchers showed that their spoof signals were faithfully reproduced on the maps provided by online services that monitor AIS data.

From Trend Micro: Spoof radio signals convinced an online ship tracking service that this fake craft had traveled on a path near Italy that spelled out the hacker term “pwned,” which describes a system that has been compromised by an attacker. -  .. .  
One online service was fooled into showing a real tugboat disappearing from the Mississippi and reappearing on a Dallas lake, and (see photo left) depicting a fake vessel traveling off Italy on a course that spelled out the hacker term for a compromised system: 'pwned.'

Ships and marine authorities also use radar to detect other vessels and obstacles. But AIS was introduced as an easier and more powerful alternative, and people have come to rely on it, says Wilhoit. Balduzzi and Wilhoit collaborated on the research with independent Italian security researcher Alessandro Pasta, and presented their findings at the Hack In the Box security conference in Kuala Lumpur on Wednesday.

The researchers attempted to notify several international marine and communication authorities, but only received a response from the International Telecommunications Union, a United Nations agency that deals with global communications policy. 'They seem to be on board with changing the protocol,' says Wilhoit, 'but it’s one of those foundational problems that will take time to fix.' AIS equipment has the protocol built in, so rolling out an improved form of AIS requires replacing existing equipment.

Even deciding on how to update the AIS protocol and regulations could take some time. The International Maritime Organization, another U.N. agency, is the international authority most directly responsible for AIS design and use, but a spokesperson, Natasha Brown, told MIT Technology Review that she was not aware that any research on AIS security had been presented to the agency. 'This issue has not been formally raised at IMO, so there has been no [internal] discussion or IMO recommendations or guidance.'

Only a formal paper submitted via a government with IMO membership or an organization with consultative status would lead to any response, said Brown.

So if you were just about to upgrade your AIS system, it might be wise to wait until the protocol is changed - or at least until we find how long that will be...

Thanks to the Ocean Cruising Club, the world-wide club for cruising sailors, for the notification about this news, and more information can be obtained about Trend Micro by clicking here.


by Tom Simonite, Technology Review/Sail-World

  

Click on the FB Like link to post this story to your FB wall

http://www.sail-world.com/index.cfm?nid=115905

8:25 PM Sat 19 Oct 2013GMT


Click here for printer friendly version
Click here to send us feedback or comments about this story.







Sail-World Cruising News - local and the World



Springtime Greening: Boaters Tips for Earth Day by BoatUS Foundation/Sail-World Cruising,












British rescuers go for their own circumnavigation challenge by Derby Telegraph/Sail-World Cruising,


How sailors really do have a voice in the future of our oceans by Sandra Whitehouse, Sailors for the Sea,


Message-in-a-bottle record - 102 years by AFP/Sail-World Cruising,














Canadian solo sailor rescued north of Auckland by Sail-World Cruising round-up,
























Free online fuel spill course - how much do you know? by BoatUS Foundation/Sail-World Cruising,










Yacht of the Week: Kokomo III - and she could be yours
Life-shattering event sends 'rookie' couple sailing the world
Mysteries of the seas, happening right now - missing, sunk, foul play
Sail Norway and Russia this summer - your own boat, or charter
Sunshine4kids' 'Fleet of Hope' sets off again
3,200-year-old boat found in Croatian waters
Product of the Week: the LineGrabber
Mediterranean Mooring - How to moor stern-to to a dock or quay
Canadian storm bomb threat - sailors advised: get off the water!
Carbon monoxide poisoning - is it possible on YOUR boat?
Sailing family condemmed for taking 3-year-old on circumnavigation
New contract-free plan for satellite communicator on your smart phone
Yacht of the Week: The Dashew creation: no sails, but eco-friendly
No laughing! Sailing mistakes I don't want to make
Multihull Solutions Phuket 2014 Regatta - new sponsorship
Destination: From Moscow Sea to the White Sea
Land sailors of India on adventure across the Rann
Jet stream gets fish in hot water
Still no plans for e-Borders
A Paint App to (almost) replace your marine store assistant
Air warms but water slower - be careful, sailors, of hypothermia   
Volunteer Canadian rescue team homeless - any offers?   
Hilary Lister and Nashwa Al Kindi set a new trans-ocean record   
How to anchor and 'never utter a word'   
Non-pyrotechnic flares for my boat - Can I or can't I?   
Health benefits of sailing   
Cruising in the Maldives - some nuts and bolts   
ISAF Guide to Offshore Personal Safety for Racing and Cruising   
Halyard Tension - a video   
Winchrite - for lazy days or extra muscle-power   
Researcher examines 'current leaks' that may change the way you sail   
Paris off to attempt to circumnavigate the world again   
Need a tow from that helicopter? - watch the video and don't laugh   
Certain oil spill products shown to be ineffective and toxic + Video   
The Constrictor: a powerful 'Queen' of sailing knots!   
British leisure craft permitted to use red diesel in Belgian waters   
Boat painting - simple but best tips   
'It's never just one thing' - Swedish sailors rescued   
Cruising Club of America celebrates outstanding sailors of 2013   
Book of the Week: From the Galley of...   


For this week's complete news stories select    Last 7 Days
   Search All News
For last month's complete news stories select    Last 30 Days
   Archive News







Sail-World.com  



















 
Our Advertisers are committed to our sport, please support them!
This site and its contents are © Copyright TetraMedia Pty. Ltd and/or the original author, photographer etc. All Rights Reserved.

Photographs are copyright by law. If you wish to use or buy a photograph you must contact the photographer directly (there is a hyperlink in most cases to their website, or do a Google search.) with your request.

Please do not contact Sail-World.com as we cannot give permission for use of other photographer’s images.

Only if the photographer named on the image is Sail-world.com, Powerboat-world.com, Marinebusiness-world.com or NZBoating-World.com.
Contact us .
Ph: +61 2 8006 1873 or complete our feedback form    Contact us .
   View our Privacy Policy.    [Go Home]     [  Banner Advertising Specification]    [Bot Archive ]

Customised news feeds -Marine Industry companies, Clubs and Associations have their own customised version of our news feed on their website.
Look_here_to_see_examples

XL NEW CRU NH