Vessel-tracking system vulnerable to denial-of-service, other attacks, researchers say

Attackers could disable Automatic Identification System communications over large areas or send fake localization information to ships

The Hack in the Box 2014 security conference takes place in Amsterdam May 29 - 30.

The Hack in the Box 2014 security conference takes place in Amsterdam May 29 - 30.

Inexpensive equipment can be used to disrupt vessel-tracking systems and important communications between ships and port authorities, according to two security researchers.

During the Hack in the Box conference in Amsterdam Thursday, Marco Balduzzi, a senior research scientist at Trend Micro, and independent security researcher Alessandro Pasta described three new attacks against the Automatic Identification System (AIS), which is used by over 400,000 ships worldwide.

AIS supplements information from marine radar systems and sends a ships's identity, type, position, course, speed, navigational status and safety-related information to other ships, shore stations and aircraft. Port and coastal authorities also use the system to send important traffic information and other data back to the ships.

Balduzzi and Pasta warned last year that the lack of authentication and integrity-checking in the AIS communication protocol could allow pirates, terrorists or other attackers to create ghost vessels or spoof information received by the ships.

It's also possible to disable AIS communications over a large region, Balduzzi said Thursday. An attacker could impersonate a port authority and tell all AIS systems -- on ships, in shore stations, etc. -- to stop transmission for a number of minutes, and then repeat the command when that interval passes in order to prolong the downtime, he said.

Balduzzi and Pasta experimented on land with a self-built AIS transmitter and power amplifier and achieved a signal range of 20 km, but at sea the range would be bigger because there are less obstacles. Using more power can also significantly boost the range.

The equipment used by the researchers cost US$600, but they said that an AIS transmitter could be built with cheaper components for under $100.

AIS communications can also be used as a channel to exploit vulnerabilities in the software running on the back-end systems that process and collect AIS data. For example, the researchers found an SQL injection vulnerability in a system used by ship captains to store weather forecasts received over AIS.

The vulnerability could be exploited to insert bogus weather information into the database or even delete the whole database, Balduzzi said.

The impact of using AIS to attack back-end systems depends on what those systems are designed to do and what kind of vulnerabilities they potentially have. If the system stores information about ship traffic in a harbor for example, inserting bad information into its database or deleting it can have serious consequences, the researcher explained.

A third attack presented Thursday involves the spoofing of Differential Global Positioning System (DGPS) information sent over AIS. DGPS data improves the accuracy of GPS-based localization from meters to centimeters.

A constant stream of spoofed DGPS data could make a ship deviate from its course, Balduzzi said. The result would be similar to that of a GPS spoofing attack demonstrated by researchers from the University of Texas at Austin last year, he said.

According to the International Maritime Organization (IMO), the United Nations agency responsible for the safety and security of shipping, the installation of AIS is required on all ships of 300 gross tonnage or more that are engaged on international voyages and for all passenger ships regardless of size.

The IMO did not immediately respond to a request for comment about the AIS attacks revealed Thursday at Hack in the Box.

According to Balduzzi and Pasta, AIS providers and maritime authorities generally acknowledged in the past that the lack of authentication and integrity checking in AIS is a problem, but said that captains are instructed to correlate information from multiple systems and not rely on AIS data alone.

"To me, if you have a system that's supposed to enhance the previous systems, but is not secure and can report wrong information, then it's useless," Balduzzi said.

Completely fixing the problem would require redesigning the communication protocol to build in security, and then upgrading or replacing the AIS hardware installed on ships, in ports and ground stations. However, that's not feasible in the short term, the researchers said. Using specialized software to detect anomalies in the AIS data can be a temporary solution, but won't protect against all possible attacks like the denial-of-service ones, they said.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags intrusiontrend microsecurityphysical securityAccess control and authenticationExploits / vulnerabilitiesdata protectionfraudInternational Maritime Organization

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?