Please select your home edition
Edition
Wildwind 2016 728x90

AIS concern - serious vulnerability to hacking

by Tom Simonite, Technology Review/Sail-World on 20 Oct 2013
AIS data could be vulnerable .. .
That AIS system you have such faith in may not be so secure after all. Hundreds of thousands of vessels, including many sailing boats worldwide, rely on the Automatic Identification System (AIS) for sharing vessel movements. Now the system has shown to be easily vulnerable to hacking.

Researchers have announced at a conference in Kuala Lumpur that they have found that it is possible to cause fake vessels to appear, real ones to disappear, and to issue false emergency alerts using cheap radio equipment.

Researchers with the computer security company Trend Micro discovered the problem, which stems from a lack of security controls in AIS, a system used by an estimated 400,000 vessels worldwide.

AIS is an easy target because the signals don’t currently have any authentication or encryption mechanism, making it simple to use software to craft a signal designed to do mischief, says Marco Balduzzi, Trend Micro researcher. 'All the ships out there are affected by this problem; it’s not tied to the hardware but to the protocol.'

International Maritime Organization rules make AIS mandatory on passenger vessels and on cargo ships over a certain size. Lighthouses, buoys, and other marine fixtures also transmit their location using the system.

'We were really able to compromise this system from the root level,' says Kyle Wilhoit, a researcher with Trend Micro’s Future Threat Research team. By purchasing a 700-euro piece of AIS equipment and connecting it to a computer in the vicinity of a port, the researchers could intercept signals from nearby craft and send out modified versions to make it appear to other AIS users that a vessel was somewhere it was not.

Using the same equipment and software, it is possible to force ships to stop broadcasting their movements using AIS by abusing a feature that lets authorities manage how nearby AIS transmitters operate. AIS transmissions could also be sent out that make fake vessels or structures such as lighthouses or navigational buoys appear, and to stage spoof emergencies such as a 'man in the water' alert or collision warning. No direct attacks were staged on any real vessels.

The researchers showed that their spoof signals were faithfully reproduced on the maps provided by online services that monitor AIS data.

One online service was fooled into showing a real tugboat disappearing from the Mississippi and reappearing on a Dallas lake, and (see photo left) depicting a fake vessel traveling off Italy on a course that spelled out the hacker term for a compromised system: 'pwned.'

Ships and marine authorities also use radar to detect other vessels and obstacles. But AIS was introduced as an easier and more powerful alternative, and people have come to rely on it, says Wilhoit. Balduzzi and Wilhoit collaborated on the research with independent Italian security researcher Alessandro Pasta, and presented their findings at the Hack In the Box security conference in Kuala Lumpur on Wednesday.

The researchers attempted to notify several international marine and communication authorities, but only received a response from the International Telecommunications Union, a United Nations agency that deals with global communications policy. 'They seem to be on board with changing the protocol,' says Wilhoit, 'but it’s one of those foundational problems that will take time to fix.' AIS equipment has the protocol built in, so rolling out an improved form of AIS requires replacing existing equipment.

Even deciding on how to update the AIS protocol and regulations could take some time. The International Maritime Organization, another U.N. agency, is the international authority most directly responsible for AIS design and use, but a spokesperson, Natasha Brown, told MIT Technology Review that she was not aware that any research on AIS security had been presented to the agency. 'This issue has not been formally raised at IMO, so there has been no [internal] discussion or IMO recommendations or guidance.'

Only a formal paper submitted via a government with IMO membership or an organization with consultative status would lead to any response, said Brown.

So if you were just about to upgrade your AIS system, it might be wise to wait until the protocol is changed - or at least until we find how long that will be...

Thanks to the www.oceancruisingclub.org!Ocean_Cruising_Club, the world-wide club for cruising sailors, for the notification about this news, and more information can be obtained about Trend Micro by http://www.trendmicro.com!clicking_here.

NaiadAncasta Ker 33 660x82Bakewell-White Yacht Design

Related Articles

Zhik Xeflex® - your shield against cold environments
This radiant barrier mid-layer nearly defies description. This radiant barrier mid-layer nearly defies description. How do you make a water resistant garment that really breathes, yet reflects your own body heat back to you? Where do you find a compression resistant and extremely insulating filling that is nowhere near as bulky as the Michelin Man, yet gives you that kind of warmth and comfort?
Posted on 17 Jan
Sounds like a boat - Lisa Blair's departure delayed due to electronics
Final preparations of her yacht, Climate Action Now by Sydney-based sailor Lisa Blair have uncovered an electrical issue Final preparations and safety checks of her yacht, Climate Action Now by Sydney-based sailor Lisa Blair have uncovered an electrical issue.
Posted on 15 Jan
Lisa Blair starts Solo Circumnavigation of Antarctica
Over 3,500 people have climbed Mount Everest, only two men have sailed solo, non-stop and unassisted around Antarctica. Over 3,500 people have climbed Mount Everest, over 500 have rowed across the various oceans and 12 people have landed on the moon. Only two men have sailed solo, non-stop and unassisted around Antarctica. Sydney-based Lisa Blair, 32, intends to become the first woman, the fastest and the third person in history to conquer such a challenge.
Posted on 14 Jan
When whales meet sails
CAMPER helmsman Roberto ‘Chuny’ Bermudez found himself nearly face to face with whale in middle of North Atlantic Ocean. Currently the database for marine mammal strikes is very sparse. We are requesting sailors and boaters help to submit information on current and past incidents, however long ago that may be. By giving a location, date, identification if possible, and any other relevant information you can help scientists better understand where marine mammals are at risk for strikes
Posted on 8 Jan
Potential instability in Atlantic Ocean water circulation system
One of the world’s largest ocean circulation systems may not be as stable as today’s weather models predict One of the world’s largest ocean circulation systems may not be as stable as today’s weather models predict, according to a new study. In fact, changes in the Atlantic Meridional Overturning Circulation (AMOC) — the same deep-water ocean current featured in the movie “The Day After Tomorrow” — could occur quite abruptly, in geologic terms, the study says.
Posted on 6 Jan
10,000 metric tons of plastic enter Great Lakes every year
A new study inventories and tracks high concentrations of plastic in Great Lakes could help inform cleanup efforts A new study by Rochester Institute of Technology that inventories and tracks high concentrations of plastic in the Great Lakes could help inform cleanup efforts and target pollution prevention.Researchers found that nearly 10,000 metric tons—or 22 million pounds—of plastic debris enter the Great Lakes every year from the United States and Canada.
Posted on 2 Jan
Flood threats changing across the US
The risk of flooding in the United States is changing regionally, and the reasons could be shifting rainfall patterns The risk of flooding in the United States is changing regionally, and the reasons could be shifting rainfall patterns and the amount of water in the ground. In a new study, University of Iowa engineers determined that, in general, the threat of flooding is growing in the northern half of the U.S. and declining in the southern half.
Posted on 2 Jan
The Deepwater Horizon aftermath
Researchers analyze 125 compounds from oil spilled in Gulf of Mexico to determine their longevity at different levels. Researchers analyze 125 compounds from oil spilled in the Gulf of Mexico to determine their longevity at different contamination levels. The oil discharged into the Gulf of Mexico following the explosion and sinking of the Deepwater Horizon (DWH) rig in 2010 contaminated more than 1,000 square miles of seafloor.
Posted on 1 Jan
What happened to Deepwater Horizon Oil?
What happened to the 160 million gallons of oil that gushed for 87 days into the Gulf of Mexico in 2010? Six years after the Deepwater Horizon oil spill, we are continually asked two questions. What happened to the 160 million gallons of oil that gushed for 87 days into the Gulf of Mexico in 2010? Was discharging 1.67 million gallons of chemicals into the ocean to disperse the oil a good or bad idea?
Posted on 24 Dec 2016
10 Best places to catch New Year’s Eve fireworks by boat
Want the best views of the NYE fireworks 2017? Check out these 10 destinations where you can celebrate New Year’s Eve Want the best views of the NYE fireworks 2017? Check out these 10 alternative destinations where you can celebrate New Year’s Eve with a bang! A new interactive map detailing the top 10 destinations to experience the fireworks by the water has been released by boat hire company Sailogy. The interactive map includes top European cities like Barcelona, Naples and Lisbon...
Posted on 22 Dec 2016