Trend Micro warns of vulnerabilities in global vessel tracking systems

A global leader in security software, Trend Micro warns of vulnerabilities discovered in global vessel tracking systems like the Automatic Identification System (AIS). 

When compromised, communications of existing vessels can be hijacked to create fake vessels, trigger false SOS or collision alerts. With the AIS as a mandatory vessel tracking system for all passenger (regardless of size and weight) and commercial (non-fishing) ships over 300 metric tons, the risks go beyond monetary to include criminal activities like piracy.

Trend Micro found four key issues with the AIS protocol, namely; lack of validity checks, lack of timing checks, lack of authentication and lack of integrity checks. Attacks can be executed on two fronts - the main AIS Internet providers and the actual specification of the AIS protocol used by hardware transceivers.

Forward Looking Threat researchers at Trend Micro found that the main AIS Internet providers that collect AIS information and distribute them publicly have vulnerabilities that allow attackers to tamper with valid AIS data and inject invalid AIS data. These include the modification of all ship details from its position, course, cargo, flagged country, speed, name and Mobile Maritime Service Identity. Scenarios include the creation and modification of Aid to Navigations entities like buoys and lighthouses that could lead to harbor entrance blockages or even shipwrecks. With the power to change information, cybercriminals now have the ability to manipulate vessels, with unthinkable consequences.

"With flaws discovered in the actual specification of the AIS protocol used by hardware transceivers in all mandatory vessels, Trend Micro also warn of authority and alert impersonations, triggering false positives or sending out incorrect information that could lead to accidents. Other scenarios include the permanent disabling of a vessel's AIS, where without one, the ship and its crew become more vulnerable toattacks from lurking pirates without warning from authorities. Cybercriminals could also leverage the issuance of a fake Closest Point of Approach alert, where a false collision warning is sounded off, possibly triggering the vessel to recalculate a course to avoid collision and into the intended direction set by waiting criminals," said Dhanya Thakkar, MD, India and SAARC, Trend Micro.

"Leaving no stone unturned, cyber criminals are always coming up with new ways to exploit vulnerabilities. These scenarios depict how cyber criminals can cause harm to the maritime and shipping industry, through manipulation of the communication and information. There is a need for businesses and the authorities to take heed, be vigilant and better protected against such threats." said Kylie Wilhoit, forward threat researcher, Trend Micro.