In recent years, automated identification systems (AIS) have been introduced to enhance ship tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS is currently mandatory for all passenger ships and commercial (non-fishing) ships over 300 metric tons. It works by acquiring GPS coordinates and exchanging vessel’s position, course and information with nearby ships, offshore installations, i.e. harbors and traffic control stations, and Internet tracking and visualization providers. Installed in an estimated 400,000 vessels, AIS is currently the best system for collision avoidance, maritime security, aids to navigation and accident investigations. As the world becomes more connected to the “Internet of Things”, Trend Micro's Forward Looking Threat researchers continue to look into any technologies that could be abused by attackers in the near future. Given its importance in marine safety, we conducted a comprehensive security evaluation of AIS, tackling it from a software, hardware, and radio frequency perspective. This Wednesday myself, my colleague Kyle Wilhoit, and independent researcher Alessandro Pasta will be presenting at the Hack in the Box conference in Kuala Lumpur, Malaysia, one of the most well-known security conference in the industry. We will discuss how we were able to hijack and perform man-in-the-middle attacks on existing vessels, take over AIS communications, tamper with the major online tracking providers and eventually fake our own yacht and search and rescue vessels. We will release more details after the conference later this week.
Figure 1. Attacked AIS system