Cheap homemade equipment can disrupt ships tracking system and interrupt communications between ships and Port authorities.
Senior researcher at Trend Micro anti-virus vendor Marco Balduzzi and independent researcher Alessandro Pasta described three new types of attacks that can be directed to the Automatic Identification System ( AIS) at Hack in the Boxconference in Amsterdam, AIS is used by more than 40,000 vessels worldwide and broadcast ship location, navigation status, speed and location of coastal stations. Port authorities also uses AIS to send important information to ships.
Security experts warned last year that the lack in AIS authentication and communication protocol may allow pirates, terrorists and cyber criminals to distort the information sent to the vessel, or by specifying an incorrect location of the ships. Researchers conducted an experiment on the ground, using equipment costing $ 600 and were able to send a signal to a distance of 20 miles, but in the sea and it can reach a greater distance, due to less interference. With less than $100 electronic parts you can make an AIS transponder.AIS is essentially an automatic radio beacon, when it receives a signal from a nearby AIS equipped ship, responds with the ship’s identity, course, and speed.
AIS can also be used as a channel for exploiting vulnerabilities in softwares installed on ships server systems that collect and process data . Researchers have found the possibility of SQL-injection with AIS on ships server system where captains used to store data about the weather forecast and other vessel data,with SQLi Vulnerability attacker can completely remove or replace the database informations.