Trend Micro Incorporated has issued warning of vulnerabilities discovered in global vessel tracking systems like the Automatic Identification System (AIS). With the AIS as a mandatory vessel tracking system for all passengers (regardless of size and weight) and commercial (non-fishing) ships over 300 metric tons, the risks go beyond monetary to include criminal activities like piracy.
Forward Looking Threat researchers at Trend Micro found that the main AIS Internet providers that collect AIS information and distribute them publicly have vulnerabilities that allow attackers to tamper with valid AIS data and inject invalid AIS data.
With flaws discovered in the actual specification of the AIS protocol used by hardware transceivers in all mandatory vessels, Trend Micro also warn of authority and alert impersonations, triggering false positives or sending out incorrect information that could lead to accidents. Cybercriminals could also leverage the issuance of a fake Closest Point of Approach alert, where a false collision warning is sounded off, possibly triggering the vessel to recalculate a course to avoid collision and into the intended direction set by waiting criminals, said Dhanya Thakkar, Managing Director, India & SAARC, Trend Micro.
Trend Micro urges the maritime and shipping industry to stay vigilant, and perform regular checks against alternative sources, like manual navigation systems, on information obtained from AIS. In addition, as providers look to improving current AIS, Trend Micro highlights three core issues in need for incorporation of defenses to be heightened: validity, authentication and encryption.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.