BreachExchange mailing list archives
Hackers Figured Out How to Hijack Shipping Vessel Tracking Systems
From: Lee J <lee () riskbasedsecurity com>
Date: Sat, 19 Oct 2013 09:46:01 +1100
http://gizmodo.com/hackers-figured-out-how-to-hijack-shipping-vessel-track-1447718429 A team of white hat hackers recently figured out how to break into the navigation technology used to track 400,000 shipping vessels worldwide. With this kind of access they could hypothetically make it appear as if a fleet of mystery ships was about to invade New York City. This is not good. The affected system is known as the Automatic Identification System (AIS), and it's used by port authorities and shipping vessels alike to keep track of nearby craft. Because the systems evidently lacked security controls, researchers from cybersecurity firm Trend Micro were able to waltz right in and cause trouble using cheap radio equipment. They could make fake ships appear out of nowhere, real ships disappear inexplicably and create fake emergency alerts. In one case they made a real tugboat disappear from the Mississippi River and appear in a lake near Dallas. Remember the series of horrifying cyber attack scenarios President Obama's suggested could cause real world damage? This is one of them. The fake fleet is one thing, but if the bad hackers decided to take advantage of this vulnerability, the limits of the damage they could cause would be bound only by their creativity. And this isn't even the only major security vulnerability that's been revealed this year. Over the summer, some students from the University of Texas figured out how to steer an $80 million yacht off course using fake GPS signals. Think of the fun the pirates would have with these hacks! The good news is that the good guys got to this one first. The Trend Micro team just presented the findings of their research at the Hack in the Box conference, and hopefully the people behind AIS will at least add some encryption software to the system before Ghost Ship becomes more than just a B-movie. [Tech Review]
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Hackers Figured Out How to Hijack Shipping Vessel Tracking Systems Lee J (Oct 22)