Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    October 2013
    S M T W T F S
    « Sep   Nov »
  • Email Subscription

  • About Us

    Archive for October 13th, 2013

    In recent years, automated identification systems (AIS) have been introduced to enhance ship tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS is currently mandatory for all passenger ships and commercial (non-fishing) ships over 300 metric tons. It works by acquiring GPS coordinates and exchanging vessel’s position, course and information with nearby ships, offshore installations, i.e. harbors and traffic control stations, and Internet tracking and visualization providers.

    Installed in an estimated 400,000 vessels, AIS is currently the best system for collision avoidance, maritime security, aids to navigation and accident investigations.

    As the world becomes more connected to the “Internet of Things”, Trend Micro’s Forward Looking Threat researchers continue to look into any technologies that could be abused by attackers in the near future. Given its importance in marine safety, we conducted a comprehensive security evaluation of AIS, tackling it from a software, hardware, and radio frequency perspective.

    This Wednesday myself, my colleague Kyle Wilhoit, and independent researcher Alessandro Pasta will be presenting at the Hack in the Box conference in Kuala Lumpur, Malaysia, one of the most well-known security conference in the industry. We will discuss how we were able to hijack and perform man-in-the-middle attacks on existing vessels, take over AIS communications, tamper with the major online tracking providers and eventually fake our own yacht and search and rescue vessels. We will release more details after the conference later this week.

    Figure 1. Attacked AIS system



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice