Thursday, May 2, 2013

Loose blips sink ships: leaky communications threaten marine vessels

AIS data public information access : and old debate

From TechNewsDaily

Most seafaring vessels use an onboard device called an automatic identification system (AIS) receiver that store a wealth of information about the ship.
And according to research from the security experts at Boston's Rapid7 Labs, AIS receivers are ridiculously insecure.

These inexpensive gadgets look like ordinary radio receivers and collect information from GPS, nearby VHF radios, shipboard anti-collision systems, search-and-rescue aircraft and maritime security organizations to keep ships and travelers safe

Spying on the Seven Seas with AIS

Rapid7 studied over 34,000 vessels around the world and, because of their AIS devices, were able to identify and track individual ships, GPS coordinates and outgoing communications from every vessel involved.

To suggest that most seafaring ships — including tankers, fishing boats and military vessels — could be hacked would be an insult to industrious hackers everywhere.

Instead, reading a ship's private or sensitive communications requires no hacking knowledge whatsoever.
The amount of publicly broadcast, potentially sensitive material on the ocean is staggering.

The Nationwide Automatic Identification System (NAIS) consists of approximately 200 VHF receiver sites located throughout the coastal continental US, inland rivers, Alaska, Hawaii and Guam. 
NAIS is designed to collect AIS transmissions from local vessels.
Currently, NAIS collects valuable maritime data in 58 critical ports throughout the United States for use by Coast Guard operators and port partners.
The primary goal of NAIS is to increase Maritime Domain Awareness (MDA) through data dissemination via a network infrastructure, particularly focusing on improving maritime security, marine and navigational safety, search and rescue, and environmental protection services.

All you need to monitor AIS transmissions is an AIS receiver of your own.
Whenever a ship broadcasts its position on AIS (which it does every one to three minutes, by default), it includes a Maritime Mobile Service Identity (MMSI) number.

Every ship has a unique MMSI number, which means that an interested party could identify any ship that broadcasts its position over AIS.
Put the MMSI and the latitude/longitude coordinates together, and you can not only pick out a vessel, but track its course as well.

This information is particularly troubling for military and law-enforcement ships, whose AIS receivers broadcast location and MMSI information in exactly the same way as private ones.

Rapid7 was able to identify and track 29 law-enforcement vessels and 27 military ships.
It's not hard to imagine what a group of pirates or terrorists might do with the same facts — and if Rapid7 can find compromising information, so can malefactors.

AIS receivers can also broadcast short, all-caps messages, ranging from the pleasant ("GOOD AFTERNOON HAVE A NICE DAY") to the informative ("VISIBILITY OF LESS THAN 1 NAUTICAL MILES IS REPORTED") to the potentially compromising ("CRANE VESSEL HERMOD TOWED BY TUG HUS").

Monitoring safety messages is time-consuming but not difficult, and could yield some juicy information for those with malicious intent.
Rapid7 has categorized AIS transmissions as a security threat, and it's not alone in doing so.

In 2004, the International Maritime Organization called the unsecured transmission and free sharing of AIS data "detrimental to the safety and security of ships and port facilities."

"In relation to the issue of freely available automatic identification system (AIS)-generated ship data on the world-wide web, the MSC agreed that the publication on the world-wide web or elsewhere of AIS data transmitted by ships could be detrimental to the safety and security of ships and port facilities and was undermining the efforts of the Organization and its Member States to enhance the safety of navigation and security in the international maritime transport sector. The Committee condemned the regrettable publication on the world-wide web, or elsewhere, of AIS data transmitted by ships and urged Member Governments, subject to the provisions of their national laws, to discourage those who make available AIS data to others for publication on the world-wide web, or elsewhere from doing so.
In addition, the Committee condemned those who irresponsibly publish AIS data transmitted by ships on the world-wide web, or elsewhere, particularly if they offer services to the shipping and port industries.

Furthermore, many AIS devices have Internet capabilities, meaning that all of the information they receive and collect can be uploaded as soon as the ship pulls into a Wi-Fi-enabled port.

There is no evidence that hackers could compromise or hijack an AIS device, but then again, there is no evidence that anyone has ever tried.

Considering that oceangoing vessels are responsible for an enormous chunk of global commerce and defense, leaving a primary means of communication undefended seems like asking for trouble. Internet pirates are troublesome enough without bringing real ones into the mix.

Links :