New Delhi, November 7, 2013 – A global leader in security software, Trend Micro Incorporated (TYO: 4704; TSE:4704),warns of vulnerabilities discovered in global vessel tracking systems like the Automatic Identification System (AIS). When compromised, communications of existing vessels can be hijacked to create fake vessels, trigger false SOS or collision alerts. With the AIS as a mandatory vessel tracking system for all passenger (regardless of size and weight) and commercial (non-fishing) ships over 300 metric tons, the risks go beyond monetary to include criminal activities like piracy.
What makes the AIS protocol vulnerable?
Trend Micro found four key issues with the AIS protocol, namely:
· Lack of validity checks: The lack of geographical validation meant that it is possible to send an AIS message from any location for a vessel at another location.
· Lack of timing checks: With no time stamp information included in the message, cybercriminals can manipulate and replay valid AIS information at their choosing.
· Lack of authentication: Without authentication built into the AIS protocol, anyone with the ability to craft an AIS packet, impersonation of any other vessel can occur.
· Lack of integrity checks: All AIS messages are sent in an unencrypted and unsigned form makes it easy for interception and modification.
Manipulation of information through AIS protocols steering ships astray
Attacks can be executed on two fronts – the main AIS Internet providers and the actual specification of the AIS protocol used by hardware transceivers.
Forward Looking Threat researchers at Trend Micro found that the main AIS Internet providers that collect AIS information and distribute them publicly have vulnerabilities thatallow attackers to tamper with valid AIS data and inject invalid AIS data. These include the modification of all ship details from its position, course, cargo, flagged country, speed, name and Mobile Maritime Service Identity. Scenarios include the creation and modification of Aid to Navigations entities like buoys and lighthouses that could lead to harbor entrance blockages or even shipwrecks! With the power to change information, cybercriminals now have the ability to manipulate vessels, with unthinkable consequences.
“With flaws discovered in the actual specification of the AIS protocol used by hardware transceivers in all mandatory vessels, Trend Micro also warn of authority and alert impersonations, triggering false positives or sending out incorrect information that could lead to accidents. Other scenarios include the permanent disabling of a vessel’s AIS, where without one, the ship and its crew become more vulnerable toattacks from lurking pirates without warning from authorities. Cybercriminals could also leverage the issuance of a fake Closest Point of Approach alert, where a false collision warning is sounded off, possiblytriggering the vessel to recalculate a course to avoid collision and into the intended direction set by waiting criminals,” said Dhanya Thakkar, Managing Director, India & SAARC, Trend Micro
“Leaving no stone unturned, cyber criminals are always coming up with new ways to exploit vulnerabilities. These scenarios depict how cybercriminals can cause harm to the maritime and shipping industry, through manipulation of the communication and information. There is a need for businesses and the authorities to take heed, be vigilant and better protected against such threats.” said Kylie Wilhoit, Forward Threat Researcher, Trend Micro.
Trend Micro urges the maritime and shipping industry to stay vigilant, and perform regular checks against alternative sources, like manual navigation systems, on information obtained from AIS. In addition, as providers look to improving current AIS, Trend Micro highlights three core issues in need for incorporation of defenses to be heightened: validity, authentication and encryption.
For more information and updates on the AIS vulnerabilities, please visit: http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-discovered-in-global-vessel-tracking-systems/
Trend Micro’s blog post on other ways AIS can be compromised, please visit this link.
HITB Security Conference Presentation by Kylie Wilhoit, Forward Threat Research, Trend Micro, on the vulnerability can be found here.
