Menu
Vessel-tracking system vulnerable to denial-of-service, other attacks, researchers say

Vessel-tracking system vulnerable to denial-of-service, other attacks, researchers say

Attackers could disable Automatic Identification System communications over large areas or send fake localization information to ships

The Hack in the Box 2014 security conference takes place in Amsterdam May 29 - 30.

The Hack in the Box 2014 security conference takes place in Amsterdam May 29 - 30.

Inexpensive equipment can be used to disrupt vessel-tracking systems and important communications between ships and port authorities, according to two security researchers.

During the Hack in the Box conference in Amsterdam Thursday, Marco Balduzzi, a senior research scientist at Trend Micro, and independent security researcher Alessandro Pasta described three new attacks against the Automatic Identification System (AIS), which is used by over 400,000 ships worldwide.

AIS supplements information from marine radar systems and sends a ships's identity, type, position, course, speed, navigational status and safety-related information to other ships, shore stations and aircraft. Port and coastal authorities also use the system to send important traffic information and other data back to the ships.

Balduzzi and Pasta warned last year that the lack of authentication and integrity-checking in the AIS communication protocol could allow pirates, terrorists or other attackers to create ghost vessels or spoof information received by the ships.

It's also possible to disable AIS communications over a large region, Balduzzi said Thursday. An attacker could impersonate a port authority and tell all AIS systems -- on ships, in shore stations, etc. -- to stop transmission for a number of minutes, and then repeat the command when that interval passes in order to prolong the downtime, he said.

Balduzzi and Pasta experimented on land with a self-built AIS transmitter and power amplifier and achieved a signal range of 20 km, but at sea the range would be bigger because there are less obstacles. Using more power can also significantly boost the range.

The equipment used by the researchers cost US$600, but they said that an AIS transmitter could be built with cheaper components for under $100.

AIS communications can also be used as a channel to exploit vulnerabilities in the software running on the back-end systems that process and collect AIS data. For example, the researchers found an SQL injection vulnerability in a system used by ship captains to store weather forecasts received over AIS.

The vulnerability could be exploited to insert bogus weather information into the database or even delete the whole database, Balduzzi said.

The impact of using AIS to attack back-end systems depends on what those systems are designed to do and what kind of vulnerabilities they potentially have. If the system stores information about ship traffic in a harbor for example, inserting bad information into its database or deleting it can have serious consequences, the researcher explained.

A third attack presented Thursday involves the spoofing of Differential Global Positioning System (DGPS) information sent over AIS. DGPS data improves the accuracy of GPS-based localization from meters to centimeters.

A constant stream of spoofed DGPS data could make a ship deviate from its course, Balduzzi said. The result would be similar to that of a GPS spoofing attack demonstrated by researchers from the University of Texas at Austin last year, he said.

According to the International Maritime Organization (IMO), the United Nations agency responsible for the safety and security of shipping, the installation of AIS is required on all ships of 300 gross tonnage or more that are engaged on international voyages and for all passenger ships regardless of size.

The IMO did not immediately respond to a request for comment about the AIS attacks revealed Thursday at Hack in the Box.

According to Balduzzi and Pasta, AIS providers and maritime authorities generally acknowledged in the past that the lack of authentication and integrity checking in AIS is a problem, but said that captains are instructed to correlate information from multiple systems and not rely on AIS data alone.

"To me, if you have a system that's supposed to enhance the previous systems, but is not secure and can report wrong information, then it's useless," Balduzzi said.

Completely fixing the problem would require redesigning the communication protocol to build in security, and then upgrading or replacing the AIS hardware installed on ships, in ports and ground stations. However, that's not feasible in the short term, the researchers said. Using specialized software to detect anomalies in the AIS data can be a temporary solution, but won't protect against all possible attacks like the denial-of-service ones, they said.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags intrusiontrend microsecurityphysical securityAccess control and authenticationExploits / vulnerabilitiesdata protectionfraudInternational Maritime Organization

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments