Trend Micro researchers have demonstrated what an attacker can do
Researchers from Trend Micro have been analyzing the Automatic Identification System (AIS) used to track vessels and found that they’re vulnerable to cyberattacks. Currently, the system is installed on around 400,000 ships.AIS is a tracking system that’s installed on commercial ships that are over 300 metric tons, and all passenger ships. The system relies on GPS and it exchanges a vessel’s position, course and other information with nearby ships and offshore installations.
Trend Micro’s Marco Balduzzi and Kyle Wilhoit have found that hackers can hijack the communications of ships, disable the AIS, create fake ships and even trigger fake SOS or collision alerts.
How does an attack against a vessel tracking system work?
First of all, hackers can target AIS providers that collect information and distribute it publicly. The systems of these providers contain vulnerabilities that can be exploited to tamper with valid AIS data and inject invalid data.
For instance, the position, course, cargo, country of origin, speed name and Mobile Maritime Service Identity (MMSI) status of a ship can be changed. An attacker can also create fake vessels – for instance place an Iranian vessel packed with nuclear cargo on the US coastline.
Cybercriminals can leverage the vulnerabilities to create and modify buoys and lighthouses. They can also create and modify search and rescue aircraft.
In addition to the vulnerabilities in the systems of the service providers, the researchers have also uncovered security holes in the AIS protocol itself.
These flaws can be exploited to disable AIS on a vessel. In a plausible real-life scenario described by the experts, Somalian pirates can make a ship that enters their sea space disappear from AIS, but they can still be able to track it.
The AIS protocol vulnerabilities can also be leveraged to fake a “man in the water” distress signal, fake a “closest point of approach” alert and trigger a collision alert, send false weather information to a ship, and launch a flood attack by sending AIS traffic much more frequently than is normal.
Unfortunately, the experts say that it’s not easy and it’s not cheap to address these issues. However, they believe immediate steps should be taken to secure the AIS, especially with all the piracy and terrorist threats.
Balduzzi and Wilhoit have presented their findings at the Hack in the Box security conference in Kuala Lumpur, Malaysia.
Here are a few videos in which the researchers demonstrate how an attack against the AIS works: