AIS Hacking – Buzz, Hype, and Facts

Posted by Dean Rosenberg

Earlier this month, pwned ais hacking resized 600researchers at a “hacker’s conference” in Kuala Lumpur were able to demonstrate what on the surface appeared to be some serious vulnerabilities to the Automatic Identification System (AIS).  During this session, researchers were able to make vessels “disappear”, spoof vessel transmissions, and introduce new vessel tracks on an AIS-based display.  There was also discussion of other things that bad actors could accomplish, such as spoofing a “man overboard” alert (through AIS or GMDSS) to divert a vessel from its current course, or even to re-map current vessel positions that are being validly transmitted.  When word of this conference hit the street, the “blogosphere” lit up – and everyone from Lloyds List to NBC News to Yahoo were painting sensational pictures suggesting that the safety and security of the maritime industry as we know it was about to change.

Here is our perspective at PortVision.

First, let me start by saying that the hacking scenarios demonstrated and the subsequent AIS vulnerability depicted are in fact, true.  By definition, the AIS standard is an open standard, with vessel positions and related data transmitted in clear text over marine band VHF.  The reason is that the only official mission of AIS is collision avoidance, and for two ships to talk to each other, they need to be able to easily broadcast, receive, and decode each other’s messages.  You can think of AIS like VHF Channel 16.  Anyone with the right hardware can reach out to any other mariner at any time.  And their broadcast over the radio can be factual, truthful, or even intentionally deceitful and misleading.  A broadcast on Channel 16 can cause a vessel to alter its course (i.e. mariner in distress), or otherwise convey false information that could put a vessel in harm’s way.

Same with AIS…at least in theory.  Since AIS uses an unsecure protocol that is fully documented in the public domain, anyone who has the will (and a little electronics equipment) can do bad things.  The original authors of the protocol know this.  Those of us who work with AIS on a regular basis know this.  And it is likely that the bad guys know this as well.  It is not news.  And as the NBC article points out, to call it hacking is an insult to hackers everywhere.  It is simply using existing technology in ways that are unethical and unlawful.

Now, the reality…

At PortVision, we have been in the “AIS business” since the IMO first mandated the use of AIS on vessels in 2005.  Since that time we have processed over 100 billion (yes, billion, with a “B”) global vessel positions for use in our systems.  During this time, we have seen a number of cases of misconfigured AIS transponders transmitting erroneous data, and when we see this, we do our best to inform the vessel owner whenever possible.  However, in the last eight years we have not documented a single case where a vessel operator was put in harm’s way due to bad actors intentionally transmitting erroneous data.  Thus, for mariners relying on AIS for collision avoidance, the system has been a reliable tool in the toolbox (but not the only tool in the toolbox).  And even for shore-side personnel using AIS for business purposes through systems like PortVision, we don’t know of any case where intentionally transmitted erroneous data impacted operations.  Furthermore, PortVision provides data and expert testimony in approximately 3-5 legal cases in the USA each month, and to my knowledge the quality and correctness of the data has never been successfully challenged… in ANY case. 

Of course, for those in government intelligence, homeland security, and law enforcement who use AIS for vessel tracking to enhance maritime domain awareness, the topic of AIS data integrity, spoofing, and hacking is much more real.  These users will indeed need to be aware of all of the tactics, tools, and technologies used by bad actors to obscure their actions – whether it be embargo violations, illegal fishing, or even terrorism. 

But for the mainstream users of AIS, whether in the wheelhouse or in the corporate office, AIS continues to be a reliable data source that increases the safety of life at sea, as well as (more recently) providing valuable data to help maritime organizations do business better on land.

This doesn’t mean that the industry does not need to be vigilant against pirates, terrorist organizations, and others who may want to do harm.  We MUST be vigilant.  And part of that vigilance will be in our understanding of both the benefits and risks of ALL onboard technology, whether it be AIS, GMDSS, SSAS, VHF marine radio, or commercial satellite communications.

 

I welcome your thoughts on this important topic. 

-Dean 

PortVision 360 AIS Vessel Tracking

Posted on Oct 21, 2013, 11:38:00 AM

Topics: Blog