Loose Blips Sink Ships: Leaky Communications Threaten Marine Vessels
Robot balloon cranes might slash costs for major shipping ports -- or make give them new competition.
CREDIT: Port of L.A.
Most seafaring vessels use an onboard device called an automatic identification system (AIS) receiver that store a wealth of information about the ship. And according to research from the security experts at Boston's Rapid7 Labs, AIS receivers are ridiculously insecure.
These inexpensive gadgets look like ordinary radio receivers and collect information from GPS, nearby VHF radios, shipboard anti-collision systems, search-and-rescue aircraft and maritime security organizations to keep ships and travelers safe.
Rapid7 studied over 34,000 vessels around the world and, because of their AIS devices, were able to identify and track individual ships, GPS coordinates and outgoing communications from every vessel involved.
To suggest that most seafaring ships — including tankers, fishing boats and military vessels — could be hacked would be an insult to industrious hackers everywhere.
Instead, reading a ship's private or sensitive communications requires no hacking knowledge whatsoever. The amount of publicly broadcast, potentially sensitive material on the ocean is staggering.
All you need to monitor AIS transmissions is an AIS receiver of your own. Whenever a ship broadcasts its position on AIS (which it does every one to three minutes, by default), it includes a Maritime Mobile Service Identity (MMSI) number.
Every ship has a unique MMSI number, which means that an interested party could identify any ship that broadcasts its position over AIS. Put the MMSI and the latitude/longitude coordinates together, and you can not only pick out a vessel, but track its course as well.
This information is particularly troubling for military and law-enforcement ships, whose AIS receivers broadcast location and MMSI information in exactly the same way as private ones.
Rapid7 was able to identify and track 29 law-enforcement vessels and 27 military ships. It's not hard to imagine what a group of pirates or terrorists might do with the same facts — and if Rapid7 can find compromising information, so can malefactors.
AIS receivers can also broadcast short, all-caps messages, ranging from the pleasant ("GOOD AFTERNOON HAVE A NICE DAY") to the informative ("VISIBILITY OF LESS THAN 1 NAUTICAL MILES IS REPORTED") to the potentially compromising ("CRANE VESSEL HERMOD TOWED BY TUG HUS").
Monitoring safety messages is time-consuming but not difficult, and could yield some juicy information for those with malicious intent. [See also: 10 Things You Didn't Know Could Be Hacked]
Rapid7 has categorized AIS transmissions as a security threat, and it's not alone in doing so. In 2004, the International Maritime Organization called the unsecured transmission and free sharing of AIS data "detrimental to the safety and security of ships and port facilities."
Furthermore, many AIS devices have Internet capabilities, meaning that all of the information they receive and collect can be uploaded as soon as the ship pulls into a Wi-Fi-enabled port.
There is no evidence that hackers could compromise or hijack an AIS device, but then again, there is no evidence that anyone has ever tried.
Considering that oceangoing vessels are responsible for an enormous chunk of global commerce and defense, leaving a primary means of communication undefended seems like asking for trouble. Internet pirates are troublesome enough without bringing real ones into the mix.