Hijack communications, create fake vessels, trigger false collision alerts; these and other actions can be carried out by cybercriminals, pirates or terrorists by taking advantage of weaknesses in the Automatic Identification System (AIS), currently installed on over 400,000 ships.
Researchers from security intelligence firm Trend Micro analysed the AIS, used in the tracking and locating of vessels the world over, and found flaws that make the system vulnerable to potential cyber-attacks.
More than 400,000 ships use the system
The Automatic Identification System (AIS) is a tracking system, obligatory for all commercial (non-fishing) vessels over 300 metric tonnes, as well as all passenger ships, regardless of their size and tonnage.
It works using GPS co-ordinates and exchanges data about the vessel’s position, course and other information with nearby ships and installations both in open waters and on the coast.
Nature of attacks
Trend Micro have discovered that the main AIS internet providers that gather AIS information and publicly distribute it have vulnerabilities that allow an attacker to alter valid AIS data and inject false AIS data.
These alterations allow an attacker to:
– Modify all ship details, including position, course, cargo, flag state, name, Mobile Maritime Service Identity (MMSI) status etc.
– Create fake vessels with identical details e.g. an Iranian vessel with nuclear cargo could appear off the US coast.
– Create and modify Aid to Navigations (AToN) entries, such as buoys and lighthouses. This leads to scenarios such as blocking the entrance to a harbour, causing a ship to wreck, etc.
– Create and modify marine search and rescue aircraft such as helicopters and light aircraft e.g. make a coast guard helicopter carry out a search and take off on a reconnaissance trip.
– The researchers have also discovered flaws in the current AIS protocol specifications used by the hardware transceivers on all vessels obliged to carry them.
These, together with the foregoing threats, have been shown to be capable of producing the following scenarios:
- Impersonate marine authorities to permanently disable the AIS system on a vessel, forcing the ship to stop communicating its position and stop receiving AIS notifications from all nearby vessels.
This can also be used to tag a specific geographical area so that, for example, as soon as a vessel enters Somalian waters it disappears from AIS, but the pirates who carried out the attack can still see it.
– Fake a ‘man-in-the-water’ distress beacon at any location that will also trigger alarms on all vessels within approximately 50 km.
– Fake a CPA alert (Closest Point of Approach) and trigger a collision warning alert. In some cases this can even cause software on the vessel to calculate an alternative course to avoid the collision, allowing an attacker to physically direct the vessel in a certain direction.
– Send false weather information to a vessel, e.g. to advise of storms approaching its course.
– Force all ships to send AIS traffic more frequently than normal, resulting in a flooding attack on all vessels and marine authorities in the area.
All this is possible because “the AIS protocol was designed without taking into account, apparently, security considerations”, say the experts, who as a minimum recommend “adopting a new version of AIS to include security measures to defend the three main issues of validity, authentication and encryption”.