News Home Video Gallery Newsletters Photo Gallery Cruising Int
Sail-World.com : AIS concern - serious vulnerability to hacking
AIS concern - serious vulnerability to hacking


'AIS data could be vulnerable'    .

That AIS system you have such faith in may not be so secure after all. Hundreds of thousands of vessels, including many sailing boats worldwide, rely on the Automatic Identification System (AIS) for sharing vessel movements. Now the system has shown to be easily vulnerable to hacking.

Researchers have announced at a conference in Kuala Lumpur that they have found that it is possible to cause fake vessels to appear, real ones to disappear, and to issue false emergency alerts using cheap radio equipment.

Researchers with the computer security company Trend Micro discovered the problem, which stems from a lack of security controls in AIS, a system used by an estimated 400,000 vessels worldwide.

AIS is an easy target because the signals don’t currently have any authentication or encryption mechanism, making it simple to use software to craft a signal designed to do mischief, says Marco Balduzzi, Trend Micro researcher. 'All the ships out there are affected by this problem; it’s not tied to the hardware but to the protocol.'

International Maritime Organization rules make AIS mandatory on passenger vessels and on cargo ships over a certain size. Lighthouses, buoys, and other marine fixtures also transmit their location using the system.

'We were really able to compromise this system from the root level,' says Kyle Wilhoit, a researcher with Trend Micro’s Future Threat Research team. By purchasing a 700-euro piece of AIS equipment and connecting it to a computer in the vicinity of a port, the researchers could intercept signals from nearby craft and send out modified versions to make it appear to other AIS users that a vessel was somewhere it was not.

Using the same equipment and software, it is possible to force ships to stop broadcasting their movements using AIS by abusing a feature that lets authorities manage how nearby AIS transmitters operate. AIS transmissions could also be sent out that make fake vessels or structures such as lighthouses or navigational buoys appear, and to stage spoof emergencies such as a 'man in the water' alert or collision warning. No direct attacks were staged on any real vessels.

The researchers showed that their spoof signals were faithfully reproduced on the maps provided by online services that monitor AIS data.

From Trend Micro: Spoof radio signals convinced an online ship tracking service that this fake craft had traveled on a path near Italy that spelled out the hacker term “pwned,” which describes a system that has been compromised by an attacker. -  .. .  
One online service was fooled into showing a real tugboat disappearing from the Mississippi and reappearing on a Dallas lake, and (see photo left) depicting a fake vessel traveling off Italy on a course that spelled out the hacker term for a compromised system: 'pwned.'

Ships and marine authorities also use radar to detect other vessels and obstacles. But AIS was introduced as an easier and more powerful alternative, and people have come to rely on it, says Wilhoit. Balduzzi and Wilhoit collaborated on the research with independent Italian security researcher Alessandro Pasta, and presented their findings at the Hack In the Box security conference in Kuala Lumpur on Wednesday.

The researchers attempted to notify several international marine and communication authorities, but only received a response from the International Telecommunications Union, a United Nations agency that deals with global communications policy. 'They seem to be on board with changing the protocol,' says Wilhoit, 'but it’s one of those foundational problems that will take time to fix.' AIS equipment has the protocol built in, so rolling out an improved form of AIS requires replacing existing equipment.

Even deciding on how to update the AIS protocol and regulations could take some time. The International Maritime Organization, another U.N. agency, is the international authority most directly responsible for AIS design and use, but a spokesperson, Natasha Brown, told MIT Technology Review that she was not aware that any research on AIS security had been presented to the agency. 'This issue has not been formally raised at IMO, so there has been no [internal] discussion or IMO recommendations or guidance.'

Only a formal paper submitted via a government with IMO membership or an organization with consultative status would lead to any response, said Brown.

So if you were just about to upgrade your AIS system, it might be wise to wait until the protocol is changed - or at least until we find how long that will be...

Thanks to the Ocean Cruising Club, the world-wide club for cruising sailors, for the notification about this news, and more information can be obtained about Trend Micro by clicking here.


by Tom Simonite, Technology Review/Sail-World

  

Click on the FB Like link to post this story to your FB wall

http://www.sail-world.com/index.cfm?nid=115905

8:25 PM Sat 19 Oct 2013GMT


Click here for printer friendly version
Click here to send us feedback or comments about this story.







Cruising USA

Predictwind helps you pick the best time to depart by Richard Gladwell Sail-World.com/nz,
















4.8 million Legos all at sea by Adam Clark Estes,




Dredging activity near corals can increase frequency of diseases by ARC Centre of Excellence Coral Reef Studies,




Understanding the Ocean's role in Greenland Glacier melt by Woods Hole Oceanographic Institution (WHOI),




Three Defensive Docking Strategies for Sailors by Captain John Jamieson, Florida


Revealing report on Search for American yacht Nina released *Feature by Rob Kothe and the Sail-World team,














Baby Nemos finding their way home by ARC Centre of Excellence Coral Reef Studies,










The real ‘Supermoon’ story by Sail-world.com,




Sailor rescued after Facebook call for rescue by RNLI/Sail-World Cruising,








Northern Scotland: Voyage to Orkney and Shetland Isles, photos
The Galley Guys' favourite shrimp recipe
Vestas Sailrocket 3 - Over the Horizon
BoatUS speaks out about 'Ethanol-at-all-cost Agenda'
Tidal current installations will increase boating hazards
Eco-Sailboat of the future - Catherine Chabaud at work
Calling yachts in the South Pacific - rally to New Zealand
The final touch - which wax should I use on my boat?
ARC Baltic sets sail to discover Europe's 'east sea'
Another boom death. Australian sailor dies, hit by swinging boom
Galley Guru vital to the life of the cruising sailor
'Boat Handling in Marinas' by Rob Gibson - and how to get it reliably
Heart-stopping moment as whale capsizes Zodiac
If we stop killing parrotfish we can bring back Caribbean coral reefs
Climate change could stop fish finding their friends
Vanuatu ups their welcome to cruising sailors with new approach
Criminal charges mooted for owners of sunk HMS Bounty
Red faces after authorities inadvertently aid boat thief to get away
Mobiles drive traffic - 72% increase in Sail-World.com page view *Feature
Sail Estonia: a VERY new idea
Tie This 'Lifesaving' Bowline in Seconds - the easy way!   
A Beer Bummel on the Thames River   
Online weather routing - possible? Predict Wind says yes   
Why Boats Sink: Ten best tips on prevention   
The North West Passage calls: Who will answer this year?   
Polish adventure sailor in second try at North West Passage   
Whale research - new techniques expand for non-lethal methods   
Jessica Watson, solo sailing star, four years on...   
Americas solo non-stop circumnavigator crosses Pacific for research   
What is an El Niño and how will it affect my sailing? (Part 1)   
The Dinghy Nav Light Solution- a brilliantly dumb idea   
Spike in water temperatures evidence of ‘irreversible’ El Nino *Feature   
Sailing crew's battle to save yacht lost in the Indian Ocean   
Five Top Tips for selecting the best boatyard   
Tips for selecting the best boatyard   
Predictwind unlocks more features on free accounts   
Composite Rigging launches new campaign for ECsix   
When is a Captain not a Captain?   
Free app for managing your yacht   
Amazing MOB survival - 13 hours floating, rescued by fishermen   


For this week's complete news stories select    Last 7 Days
   Search All News
For last month's complete news stories select    Last 30 Days
   Archive News







Sail-World.com  


















Switch Default Region to:

Social Media

Asia

Australia

Canada

Europe

New Zealand

United Kingdom


http://www.sail-world.com/event_images/image/Twitter_logo_small.png http://www.sail-world.com/event_images/image/FaceBook-icon.png  

United States

Cruising Northern

Cruising Southern

MarineBusiness World

PowerBoat World

FishingBoating World

 

Contact

Commercial

News

Search

Contact Us

Advertisers Information

Submit news/events

Search Stories/Text

Feedback

Advertisers Directory

Newsletter Archive

Photo Gallery

 

Banner Advertising Details

Newsletter Subscribe

Video Gallery

Policies

 

 

 

Privacy Policy

 

 


Cookie Policy

 

 



This site and its contents are © Copyright TetraMedia and/or the original author, photographer etc. All Rights Reserved.  Photographs are copyright by law.  If you wish to use or buy a photograph contact the photographer directly.
XLXL NEW Cru USA
LocalAds   DE  ES  FR  IT