Ship trackers vulnerable to hacks October 18, 2013 5:28 PM By Dave Lee Technology reporter, BBC News The researchers were able to spoof the route of boats A system used globally to track marine activity is highly vulnerable to hacking, security experts have warned. Weaknesses in outdated systems could allow attackers to make ships disappear from tracking systems - or even make it look like a large fleet was incoming. Researchers at Trend Micro said their findings showed the danger of using legacy systems designed when security was not an issue. But one vessel-tracking specialist said spoof attempts could be easily spotted. Lloyds List Intelligences Ian Trowbridge said that in addition to the vulnerable technology - known as the Automatic Identification System (AIS) - other measures could be used to identify marine activity. The spoofing would immediately be identified by [Lloyds List Intelligence] as a warp vessel, he said, providing unexplained position reports outside of the vessels speed/distance capability and thus subject to further investigation and validation. No checking The AIS system is used to track the whereabouts of ships travelling across the worlds oceans. For ships over a certain size, having AIS fitted is mandatory under international maritime law. It is designed to transmit data about a ships position, as well as other relevant information, so that movements can be seen by other boats as well as relevant authorities on shore. One other use is to alert nearby ships when a man or woman is overboard - an alert that can easily be spoofed, says Trend Micros Rik Ferguson. It boils down to the fact that the protocol was never designed with security in mind, he told the BBC. Theres no validity checking of whats being put up there. Using equipment bought for 700 euros (£600), the researchers were able to intercept signals and make vessels appear on the tracking system, even though they did not exist. In one example, the team was able to make it look as if a ships route had spelled out the word pwned - hacker slang for owned. Somali pirates The information broadcast by AIS is public - but when the system was first put in use, in the early 1990s, the technology required to receive the information was prohibitively expensive for those not directly involved in the industry. But now, a typical internet connection can be used to see the locations of boats, as well as an indicator of what type of cargo they may be carrying. There has been speculation that Somali pirates have been making use of the system. It has long been thought that the pirates are basically using AIS as a shopping list, Mr Ferguson said, seeing whats coming into local waters, and what cargo it may have. However, Lloyds List Intelligence noted that captains are permitted to disable AIS if they feel their crew could be endangered by it.
Posted on: Tue, 11 Mar 2014 13:08:49 +0000
Trending Topics
Recently Viewed Topics
© 2015