Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us

    Trend Micro researchers have discovered that flaws in the AIS vessel tracking system can allow attackers to hijack communications of existing vessels, create fake vessels, trigger false SOS or collision alerts and even permanently disable AIS tracking on any vessel.

    AIS-map-screenshot

    Figure 1. 300 ton ships should not drive down the main street of a city

    In our previous blog post, we gave a brief introduction of the Automatic Identification System (AIS), a mandatory vessel tracking system for all commercial (non-fishing) ships over 300 metric tons, as well as passenger ships (regardless of size and weight). AIS works by acquiring GPS coordinates and exchanging a vessel’s position, course and information with nearby ships and offshore installations. It is currently installed in around 400,000 vessels.

    As the world becomes more connected to the “Internet of Things”, Trend Micro’s Forward Looking Threat researchers continue to look into technologies that could be abused by attackers in the near future. Earlier today at the HITB security conference in Kuala Lumpur, , two researchers from this team (Kyle Wilhoit and Dr. Marco Balduzzi), together with independent researcher Alessandro Pasta, presented a series of experiments that showed AIS is comprehensively vulnerable to a wide range of attacks that could be easily carried out by pirates, terrorists or other attackers. Trend Micro took care to carry out responsible disclosure to all of the major standards bodies involved in AIS, as well as major online providers of AIS tracking information.

    The attacks can be divided into two parts. Firstly, we discovered that the main AIS Internet providers that collect AIS information and distribute them publicly have vulnerabilities that allow an attacker to tamper with valid AIS data and inject invalid AIS data, such as:

    • Modification of all ship details such as position, course, cargo, flagged country, speed, name, MMSI (Mobile Maritime Service Identity) status etc.

    • Creation of fake vessels with all the same details e.g. having an Iranian vessel with nuclear cargo show up off the coast of the US
    • Create and modify Aid to Navigations (AToN) entries, such as buoys and lighthouses. This leads to scenarios such as blocking the entrance to a harbor, causing a ship to wreck, etc.
    • Create and modify search and rescue marine aircraft such as helicopters, and light aircraft e.g. having a stationary search and rescue coast guard helicopter “take off” and travel on a set course.

    Secondly, we have also discovered flaws in the actual specification of the AIS protocol used by hardware transceivers in all mandatory vessels. In addition to the above threats, we have proven additional scenarios:

    • Impersonate marine authorities to permanently disable the AIS system on a vessel, both forcing the ship to stop communicating its position, and stop getting AIS notifications from all nearby vessels (essentially a denial of service attack). This can also be tagged to a geographical area e.g. as soon as ship enters Somalia sea space it vanishes of AIS, but the pirates who carried out the attack can still see it.
    • Fake a “man-in-the-water” distress beacon at any location that will also trigger alarms on all vessel within approximately 50 km.

    • Fake a CPA alert (Closest Point of Approach) and trigger a collision warning alert. In some cases this can even cause software on the vessel to recalculate a course to avoid collision, allowing an attacker to physically nudge a boat in a certain direction.

    • Send false weather information to a vessel, e.g. approaching storms to route around.
    • Cause all ships to send AIS traffic much more frequently than normal, resulting in a flooding attack on all vessels and marine authorities in range.

    All of this is made possible because the AIS protocol was designed with seemingly zero security considerations. In particular, we noted the following major issues:

    • Lack of Validity Checks. It is possible to send an AIS message from any location for a vessel at another location e.g. you can send a message from a location near New York for a vessel that claims to be in the Gulf of Mexico, and it will be accepted without question. No geographical validity checks are carried out.
    • Lack of Timing Checks. It is also possible to replay existing (valid) AIS information, because no timestamp information is included in the message e.g. you can replicate the position of a vessel.
    • Lack of Authentication. There is no authentication built into the AIS protocol. That means that anyone who can craft a AIS packet can impersonate any other vessel on the planet, and all receiving vessels will treat the message as fact.
    • Lack of Integrity Checks. All AIS messages are sent in an unencrypted and unsigned form, making them trivial to intercept and modify.

    While all the attacks we described above were carried out in our dedicated test lab setup – where we used specific software defined radio equipment – we have also proven that an attacker is able to carry out such attacks using a modified standard, easy to obtain VHF radio which costs approximately €150, or approximately US$200.

    We are preparing a white paper describing our research in detail, which will be released at an upcoming security conference, but the slides from our talk at HITB are now available on Trend Micro’s SlideShare page:

    Fixing the flaws in AIS is not trivial, as they exist right down to the core of the protocol. Even if the AIS internet providers altered their sites, the underlying protocol is still open to lots of abuse. At a minimum, a new version of AIS would need to incorporate defenses for the three core issues outlined: validity, authentication and encryption. We are fully aware that the costs to update AIS on all vessels is high – but in light of threats such as piracy and terrorism, there really are no alternatives.

    AIS is only one example of a critical radio based system that was designed in a world before the Internet or Software-defined radio. The problem is bigger than marine traffic alone. Other systems such as ADS-B (used by airplanes), or soon to be released systems around car communication suffer from some of the same limitations and vulnerabilities.

    Trend Micro’s Forward Looking Threat Research team are actively investigating this area as part of Trend Micro’s mission to secure the world for the exchange of digital information.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    • svea_jarl

      The AIS system works fine. It is a good help for navigators and shipping Companys.
      But that is all it is a HELP. One system among many.

    • dieseltaylor

      This is not news to the me as it was flagged up last year in trials carried out on the East Coast of the UK . As it happens the UK is introducing eLoran as an extra navigation system around the UK – you can read about it on Wikipedia.

      Incidentally AIS is currently coastal base station based but within two years there will be satellites that cover all oceans for AIS which together with other satellites will improve the monitoring of fishing grounds and finger ships that try to remain unidentified.

      Also bear in mind that ships doing the apparently impossible or strange will immediately become noticeable and can be suppressed. So yes there are problems about AIS and they are the same problems that exist for GPS on land..

      The real scare story is that businesses use GPS timing signals for mainstream processes. Bloody daft if there is no redundancy in the system. Blame governments and businesses got not caring about security just cheapness and short term blinkered thinking.

    • Patrick

      Breaking news:

      “There is a big security hole in the protocol of traffic signs! – Through a man in the middle attac traffic signs can be replaced and changed to show something else. This is potentially very dangerous. Imagine a bussy traffic crossing without stop sign. All responsible international bodies have been informed about this flaw and promissed imrpovement.”

      Irony asside: We are living in a world where 100% security can never ever be assured not even in the best possible case. On the one hand, no application should pretend to be 100% save. On the otherhand, you by yoursself always have to be reasonable and never trust anything with your life.

      AIS was developped as and additional tool for navigation. In good seamanship, you never rely on only one source of information.

      And: AIS was never inteded to be distributed through the internet or to give a clear pciture of world ship traffic. Who ever is doing it still has to life with possible flaws.

    • http://www.sjponeill.wordpress.com/ SJPONeill

      There are many incidents where, for one reason or another, a bridge crew has not been enough to maintain safe shipping procedures. These guys are from the Forward Looking Threat team and are pointing out a vulnerability that may be exploited in the future.

    • Capitain

      what a large load of scaremongering. You can do the same with aircraft given a vhf transmitter, but at 600knots they have far less time to react. in this day and age of everything has to happen now, do people forget that the ships are only doing 30knts, and there is (should be) a watchkeeping effort on the bridge using what is termed the ‘mark one eyeball’. AIS should not be used for navigation, collision avoidance, emergency, security or anything else of that nature, it is purely an information system and if treated in that way then it can present no threat to anyone. Bridge crews should be using their eyesight, knowledge and basic navigational skills to conduct their ships.

    • fl capt

      Ever heard of radio triangulation??? try this trick in proximity of USCG vessel and you will be staring down the medium caliber gun barrel and enjoy no fly list for the rest of your life.

      • Saling_the_internet

        Yes radio triangulation can solve the problem… But take time to react, implement and reach to a valid results… Even OM and radio ham use this kind of thing for fun… something called “fox hunting”. Anyhow… if the system is not used for navigation at all why it is mandatory? and also… if the system isn’t trustable is unuable anymore…



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice