Researchers Highlight Security Vulnerabilities In Ship-Tracking System

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/attacks-breaches/researchers-highlight-security-vulnerabi/240162568

By Brian Prince
Dark Reading
October 11, 2013

When it works normally, the Automatic Identification System (AIS) used by 
ships can be a captain's best friend, helping him or her avoid collisions 
on the high seas. Under the control of a hacker however, AIS could become 
a captain's worst enemy.

At the upcoming Hack in the Box Security Conference in Malaysia, a team of 
security researchers are preparing to demonstrate how an attacker could 
hijack AIS traffic and perform man-in-the middle attacks that enable them 
to turn the tracking system into a liability.

AIS is an automatic tracking system intended to help identify and locate 
vessels electronically to help avoid collisions on the water. AIS 
transponders on the ships include a GPS receiver and VHF transmitter, 
which transmits information to other vessels or base stations. AIS is 
required on many vessels, including international voyage ships weighing 
300 tons or more and all passenger ships regardless of size.

According to Trend Micro's Kyle Wilhoit, one of the researchers who worked 
on the project, says the attacks can be broken up into two categories: 
those that target the AIS Internet providers that collect and distribute 
AIS information, and those that target flaws in the actual specification 
of the AIS protocol used by hardware receivers in all of the vessels. 
Without getting too deep into the vulnerabilities ahead of the 
presentation, which is slated for Oct. 16, Wilhoit explains that the 
upstream providers fail to authenticate AIS sentences coming from ships.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/