Monday, October 21, 2013

Well, AIS says ....

How strong is your crutch?
In the maritime business, Automated Identification Systems (AIS) are a big deal. They supplement information received by the marine radar system, are used for a wide variety of things - including ship-to-ship communication - and are relied upon each and every day. Unfortunately, the AIS can also be easily hacked in order to do some real damage, claims a group of researchers presenting at the Hack In The Box Conference currently taking place in Kuala Lumpur.
All good sorts of technical details at the link.

AIS isn't the end all and be all ... but anything that can be used to add confusion and mis-information is a huge potential source of problems. In an increasingly technical and networked environment, we need to be constantly asking ourselves if we are creating tools that can be easily used against us, or building on a false foundation.

Some people don't want to hear that and if your facts hurt their theories, they will - if they can - just ignore you.
The researchers said that they don't have much hope that their research will result with prompt changes.

"Perhaps the media attention will help," said Balduzzi. "But judging by the response received by Hugo Teso, who last year presented his research on airplane hijacking by interfering with its communication systems, the issue will not be addressed or fixed soon, and we don't expect to get a lot of feedback from the governing bodies."

On the other hand, they point out that their attacks are much more feasible than Teso's. "The difference between the airplane attacks and these ones is that the former are more difficult to perform, and therefore less likely to be performed by attackers in the wild." Also, they managed to test some of these attacks outside of a lab, so they are sure to work with systems already online.

The good news is that similar attacks haven't yet been spotted being performed by malicious individuals. But, according to Balduzzi, the danger is big and real.

"It's actually possible to do it by investing very little. For our experiment, we bought a SDR radio, which costs some 500 euros, but it's possible to do it by using a VHF radio that costs around a 100 euros - a price that makes the technology accessible to almost anyone (including pirates). The threat is very real, and that's why we talked upfront with the ITU," they concluded.

No comments: