Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    After a week since our presentation at HiTB Kuala Lumpur 2013, our findings regarding Automatic Identification System (AIS) security have been picked up by notable media outlets, including ABC News, Softpedia, VesselFinder, Heise, Spiegel, and NetSecurity. It also raised some questions about AIS and, to a certain extent, our research. We want to briefly address some comments we received from Internet users concerning our recent research on AIS, a fundamental technology used by ships and vessel traffic services worldwide.

    AIS was made mandatory in 2002 to overcome the limits of existing technology such as radar. It was supposed to enhance the safety of ship traffic by using modern solutions like GPS and 3G/4G Internet connectivity. Because these devices proved to be useful, class-B devices were later introduced, which were designed for smaller boats such as yachts and sailing boats.

    As a result, crew members were indirectly persuaded to rely more on AIS as opposed to traditional devices, since it comes with a more recent and reliable technology. Or, at least, it should be.

    With our research, we actually showed the opposite. We showed that AIS, which is now deployed to over 400,000 installations globally, is not infallible. It is fundamentally broken and can be abused by attackers. Our first message, then, is that users must not completely trust AIS, as attackers can actively use it for malicious deeds,  such as piracy. In case of an attack, the final user (i.e. the captain), will not be able to distinguish between true and false information reported by the AIS transponder.

    Paradoxically, traditional equipment for collision avoidance like sonars and radars are actually more reliable. For example, think of how difficult it is to tamper with the waves they generate. It should be made mandatory to correlate AIS data with the other devices on board.  I have been told of vessels (both large and small ones like yachts) configured with autopilot running via AIS (for collision avoidance) –  which is very risky to say the least.  Please don’t do that!

    Apart from collision avoidance, AIS is largely used (and nowadays) a de facto standard for search and rescue operations. Search and rescue transponders (SARTs) are self-contained, waterproof transponders intended for emergency.

    Modern SART devices (AIS-SARTs) use AIS position reports to determine the presence and exact location of a man in water. The second type of SART devices (radar-SARTs) uses traditional radar technology. We believe that these modern SART devices can be misused, such as when an attacker (i.e. a pirate) triggers a AIS-SART alert and lure a vessel into moving to a hostile and attacker-controlled location. Note that by law, a vessel is required to join a rescue operation. Currently, for a targeted ship, there is no way to unmask a spoofed SART message because no correlation can be done.

    To conclude, our research disclosed fundamental flaws in the specification of AIS affecting all AIS transponders worldwide. Last August, we personally communicated with the International Maritime Organization (IMO), the  International Association of Marine Aids to Navigation and Lighthouse Authorities (IALA) and the  ITU Radiocommunication Sector (ITU-R) – the three international organizations behind AIS – but only received a response from the latter. According to the MIT Technology Review, “only a formal paper submitted via a government with IMO membership or an organization with consultative status would lead to any response”.

    However, waiting for a “formal submission” from a government/member organisation can be a roadblock in promptly addressing the issues surrounding AIS. This also shows that these organizations may be unaware of the more matured world of vulnerability disclosure that takes place in the security industry.  We believe that they should push for more discussions around AIS security, wherein groups such as Trend Micro can share their research and participate.

    With our work, we hope to raise awareness and lead the involved parties e.g. CERTs, maritime coastguards and authorities, into calling for a more robust and secure AIS standard.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    • hello

      I work with AIS daily in tracking vessels.

      I recognize that some of these attacks are valid. What was most interesting to me is the “Impersonate marine authorities to permanently disable the AIS system on a vessel” attack.

      Could you explain more of the technical details of the attack? I’m fairly familiar with the spec, but don’t remember anything about this.

    • Dave

      (1) Again , the Internet play NO official recognised role in AIS, the IMO actually has requested that member governments suppress such use.

      (2) Bridge crews are not “pressurised” to use AIS, please cite references to back up such ridiculous claims

      (3) NONE, nope, nada, autopilots are configured to respond automatically to AIS collision warnings, think about it, how would the AP know where to turn to. THis piece is just factually wrong.

      (4) AIS is NOT a defacto standard in search and rescue, AIS sarts only very recently became approved at all. EPIRBS, using sat comms systems are the default, anyone who researched any of this would have realised that

      (5) Conventional SARTS are used to provide the final homing signal on 121 Mhz for nearby rescuers, they are not common on yachts, but are required on larger vessels, AIS Sarts are not IMO approved for this purpose. Furthermore the bogus AIS transmitter would have to be within normal VHF range of the ship , ie about 25 miles to generate a AIS contact. What would spoofing achieve in this case, its no different to getting on a voice VHF and making a bogus distress call, perhaps Trend could “uncover” that , shock horror, people making unencrypted voice messages.

      (6) AIS SARTS are not recognised as distress beacons under current GMDSS rules, They are available for non IMO controlled vessels such as yachts, but again distress is signalled by EPIRB systems that use encoded sat comms. Ordinary ships cannot detect SART transmissions, these are only provided on rescue vessels.

      This piece is simply technological hog wash, and its used half truths , huge amounts of mis information to suggest that Trend have uncovered anything. You hacked into MarineTraffic.com a website that is simply crowd sourced AIS and has no official place in AIS. AIS is NOT connected to the internet.

      of course like many other comments you will not post this on either, shame on you

      • Marco Balduzzi

        Hello Dave and thanks for coming back to us. I understand that AIS-SART might not be, yet, a fully-established solution for “man-in-water”. Part of doing research is indeed to look forward, i.e. to anticipate possible future threats, for example when such devices may become more prevalent. Said that, the issue I see is that a vessel receiving an AIS-SART message may not be able to confirm the authenticity, i.e. that is fake, in situations in which the survivor has exclusively AIS-SART rather than a conventional EPIRB system.
        Best



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice