AIS can no longer be trusted, says hacking expert
Lloyds List Wednesday 16 October 2013Â byÂ David Osler
THE Automatic Identification System is â€œfundamentally brokenâ€Â and can no longer be trusted, according to Trend Micro, the company that detailed its researchers to prove how easy it is to hack into the system that tracks the location of the world fleet.
Rik Ferguson, director of security research, said that a team from the firm had discovered simple ways of making any ship appear at any given set of co-ordinates, and even to invent virtual vessels that show up on computers linked to AIS.
The development is being highlighted at a hacking and security conference taking place today in Kuala Lumpur, Malaysia.
â€œWe are highlighting the real dangers of older technology when things are becoming ever more interconnected through the internet, particularly things that were never intended to be so,â€ said Mr Ferguson.
Systems that have relied in the past on the difficulty of modifying radio frequencies are now becoming a wide open playing field, as the underlying software becomes increasingly easy to modify.
The company investigated the issue as part of its pre-emptive work on forward-looking threats on the internet, even though concluded that the problem offers no immediate profit potential.
Nevertheless, the problem has been identified and the relevant bodies informed.
It said: â€œAIS is so fundamentally broken â€”Â and easy for attackers to carry out attacks on â€”Â that it requires fixes at the protocol level.
â€œThe basic outcome of the research is that if attackers begin to abuse it â€” which we havenâ€™t seen any evidence of yet â€” then the entire system could no longer be trusted, because there would not be any way of truthfully and accurately identifying which data is correct and which data is false.â€
Maritime security specialists have long worried that Somali pirates with basic laptops and an internet connection could exploit AIS for their own purposes.
Although the equipment needed to hack AIS is easy to source and cheap to buy, however, groups would need a certain level of expertise to succeed.
In theory, it is not beyond the ability of pirate groups to attain such expertise.
â€œThe thing with research is that once it is out there, it can easily be abused. But on the flipside, without it being out there, it is unlikely that the weaknesses in the protocol can be plugged, and that is the most important thing.â€
One nasty possibility is a so-called frequency-hopping attack.
Vessels are tuned to a range of radio frequencies to communicate with port authorities and other vessels.
Ports can instruct AIS transponders to work on a specific frequency, but hackers could potentially spoof this command.
That could lead vessels in effect to disappear from AIS screens but still be visible to pirates.
Lloydâ€™s List sister business Lloydâ€™s List Intelligence is a prominent provider of vessel-tracking services, which unlike those of its rivals, is backed with human intelligence from the Lloydâ€™s of London agency network in 700 ports around the world.
Lloydâ€™s List Intelligence specialist Ian Trowbridge said the company would probably be able to spot malpractice.
â€œWhat this is about is reliability of unverified data,â€ he said. â€œFrom our aspect we have other data to support what is displayed.
â€œThe spoofing would immediately be identified by [Lloydâ€™s List Intelligence] as a warp vessel, providing unexplained position reports outside of the vesselâ€™s speed/distance capability and thus subject to further investigation and validation using visual reports from the network of Lloydâ€™s Agency and our other contacts worldwide.â€
The ability to misuse AIS has been understood for some time.
A simple Google search returns loads of articles and stories offering many methods, from altering GPS time offsets to the classic method of capturing real signals, replacing an Maritime Mobile Service Identity code or co-ordinates and providing another system flag to indicate a relay and retransmit.
â€œAdditionally port states and maritime authorities do have access to an alternate secure encrypted system for vessel tracking, long-range identification and tracking,â€ Mr Trowbridge said.
â€œThis, along with the other navigation systems that are not based upon AIS, will minimise the potential impact of potential AIS signal manipulation.â€