AIS vulnerabilities subject to scientific research

On the upcoming security conference “Hack in the Box” in Malaysia, researchers from the Japanese security company Trend Micro will present the conclusions of their research on the AIS protocol. They come to the conclusion that due to the openness of the transmission protocol, the AIS system is sensitive to man-in-the-middle attacs. According to Trend Micro the main problem is the missing verification or authentication of AIS clients. Receivers can never be sure whether they are receiving the signal of an actual vessel or a fake signal.

The researchers identify two possible scenarios exploiting the vulnerabilities:

  1. Fake AIS signals could be transmitted. E.g. simulating SAR beacons and thus issuing an alarm on all nearby vessels. Or fake vessels could disturb the data of AIS data providers which collect data on worldwide ship traffic.
  2. AIS signals of existing vessels can altered and retransmitted. By changing a vessels’ speed, course and possition, traffic patterns as received on AIS will be altered which could cause automatic collission warnings to be triggered. Even automatic actions like collission avoidance manouvers could be initiated.

The open characteristics of the AIS protocol have never been a secret and is well known to anybody working with the AIS for a longer time. In parts it is even this simplicity of the AIS protocol which made a lot of today’s applications possible. Initially, when developped by the IMO the main purposse of AIS was being an aid to navigation. Today, AIS is much more. Ship opperators use AIS to keep track of their fleet, port agents use AIS to manage their business, commodity traders use AIS to make predictions about the market.

To seafarers, it is common seamanship, to neveer rely on only one source of navigation. They treat any navigational aids with due respect. They should always double check the data provided by their AIS receivers.

As for AIS data providers which collect and redistribute AIS data, ensuring good quality of their data and verifying the origin has always been one of their foremost efforts. See also the talk of Mark Deverill at AIS Summit 2013 on the data quality of Lloyds List Intelligence.

Marine Traffic is one AIS provider which by themselves offer an app for smartphones that allows to transmit simulated AIS signals. However, the signal is send directly to their server and not transmitted on the standard AIS frequencies. The mobile phone can be configured to be any vessel which is currently not in range. These fake data will then show up on Marine Traffic’s tracking website.

Although the weakneses of the AIS protocol are nothing new, exploiting them may lead to confusion or even possibly unsave situation. Fake distress signals may cause unnecessary actions of SAR services.

Read more at www.darkreading.com
Information on AIS by the IMO: http://www.imo.org