Attacking Vessel Tracking Systems for Fun and Profit
By Marco Balduzzi, Kyle Wilhoit and Alessandro Pasta
The talk was cleverly dubbed “Hey Captain, Where’s Your Ship?” The speakers demonstrated attacks against the Automatic Identification System (AIS). AIS provides tracking of ships, centralized management for port authorities, and ship-to-ship communication on the open sea. This and similar tools also play an important role in collision avoidance, search and rescue operations, accident investigations, plotting of predefined ship routes, and weather forecasting.
The researchers enumerated past successful attacks against AIS. One example was spoofing, in which an attacker poses as an authorized transmitter in order to inject falsified data. Another was virtual ship hijacking, which entails rendering a ship invisible on radar. An attacker can also fake coordinates for a nonexistent ship.
Other real-world threats discussed included falsifying “man-in-the-water” distress signals broadcast in open water to trigger alarms on nearby ships. Such instances might persuade captains to launch search-and-rescue actions resulting in wasted resources or delays with operational schedules.
Sinking ships altogether was also mentioned as a possible threat. This can be accomplished by sending fake Closest Point of Approach (CPA) messages to spawn collision warnings. Ships might be programmed to automatically react by turning away from the collision course but in reality, could be turning towards one another.
Pirates – yes, they do exist – may also compromise naval technology for ill intent. For instance, they can issue erroneous weather reports to alter a ship’s route, leading it into pirate-infested waters. After boarding, pirates can then render ships invisible by utilizing frequency hopping, a tactic once used by naval militaries for protection against eavesdropping and radar jamming. Disabling AIS transponders, switching to a non-default frequency and specifying a desired GPS location can all be accomplished by these means.
Needless to say, these attacks and potential threats are quite disturbing.
According to the researchers, authentication can ensure the legitimacy of a ship’s transmitter. Integrity monitoring of messages to detect signal tampering, time checks to defeat replay attacks, validity checks on message context to verify geographical information, and disclosure are all viable countermeasures. The researchers are currently working with the appropriate AIS providers and authorities on addressing these vulnerabilities.
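As an added illustration of the receiver-side countermeasures listed above (time checks against replay and validity checks on geographical context), the following Python is example code written for this summary; it is not code from the talk or from any AIS vendor. It assumes a position report that carries a transmitter timestamp (a field the proposed time-check countermeasure would require; the standard AIS position report only carries a UTC-seconds value), and the vessel identifiers, positions and threshold constants are constructed sample values.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

# Threshold constants are constructed for this example, not taken from any standard.
EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_SPEED_KNOTS = 50.0       # faster than this and the track is not a real hull
MAX_AGE_SECONDS = 300.0      # reports older than this are treated as stale
CLOCK_SKEW_SECONDS = 60.0    # tolerance for a transmitter clock running ahead


@dataclass(frozen=True)
class PositionReport:
    mmsi: int          # nine-digit vessel identifier (sample values below are made up)
    lat: float         # decimal degrees, north positive
    lon: float         # decimal degrees, east positive
    timestamp: float   # seconds since epoch as stated by the transmitter (assumed field)


def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in nautical miles."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_NM * asin(sqrt(a))


def check_report(report, last_seen, now):
    """Return the anomalies found for one report; an empty list means it passed.

    last_seen maps MMSI -> most recently accepted PositionReport and is
    updated in place only when the report is accepted, so a rejected
    report never becomes the baseline for the next speed check.
    """
    problems = []
    # Geographical validity: coordinates outside the globe are not a position.
    if not (-90.0 <= report.lat <= 90.0) or not (-180.0 <= report.lon <= 180.0):
        problems.append("invalid-position")
    # Time check: reject reports from the future or too far in the past.
    if report.timestamp > now + CLOCK_SKEW_SECONDS:
        problems.append("future-timestamp")
    elif now - report.timestamp > MAX_AGE_SECONDS:
        problems.append("stale")
    prev = last_seen.get(report.mmsi)
    if prev is not None and not problems:
        # Replay: a report must carry a strictly newer timestamp than the last accepted one.
        if report.timestamp <= prev.timestamp:
            problems.append("replay")
        else:
            # Context check: the implied speed between reports must be physically plausible.
            hours = (report.timestamp - prev.timestamp) / 3600.0
            distance = haversine_nm(prev.lat, prev.lon, report.lat, report.lon)
            if distance / hours > MAX_SPEED_KNOTS:
                problems.append("implausible-speed")
    if not problems:
        last_seen[report.mmsi] = report
    return problems


def run_sample():
    """Feed a constructed report stream through the checks; returns {label: anomalies}."""
    stream = [  # (label, report, receiver clock at arrival)
        ("good-first",  PositionReport(123456789, 51.500, 0.000, 1000.0), 1002.0),
        ("good-second", PositionReport(123456789, 51.505, 0.000, 1060.0), 1062.0),  # ~18 kn
        ("replayed",    PositionReport(123456789, 51.500, 0.000, 1000.0), 1130.0),  # old timestamp
        ("teleport-a",  PositionReport(987654321, 40.000, -70.000, 2000.0), 2001.0),
        ("teleport-b",  PositionReport(987654321, 41.000, -70.000, 2060.0), 2061.0),  # 60 nm in 60 s
        ("off-the-map", PositionReport(111111111, 91.000, 10.000, 3000.0), 3001.0),
        ("stale",       PositionReport(222222222, 10.000, 10.000, 3000.0), 4000.0),
    ]
    last_seen = {}
    return {label: check_report(report, last_seen, now) for label, report, now in stream}


if __name__ == "__main__":
    for label, anomalies in run_sample().items():
        print(f"{label:12s} {'OK' if not anomalies else ', '.join(anomalies)}")
```

These checks only flag inconsistencies in what a receiver already sees; they do not replace transmitter authentication, which is the only countermeasure in the list that can tell a genuine but oddly behaving vessel from a forged one.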
At one point, hacking AIS was too difficult or impractical because of the high cost of the hardware and other equipment. To sniff AIS packets, hackers had to obtain the same equipment installed on ships. As a result, AIS providers may have developed a notion of impregnability. Now, hacking AIS is possible with a Software Defined Radio (SDR). How times have changed.
RFIDler: Software Defined RFID Reader/Writer/Emulator
By Adam Laurie (aka Code Monkey)
In a typical Software Defined Radio setup, a personal computer is equipped with an analog-to-digital converter and hardware containing not much more than radio receiver circuitry. Functions usually handled in hardware, such as modulation, demodulation, filtering, and mixing, are all handled in software. This makes SDR flexible enough to change radio protocol in real time. Raw radio data can also be captured by the SDR and saved as a WAV file.
RFIDler was built to be embedded into other hardware projects. It comes bundled with a command line interface and an API for end-user-applications. Reading, writing and emulating RFID tags are the key features of RFIDler. Read/write functionality also gives it an edge over other available tools.
According to the RFIDler researchers, the tool is pushing RFID manufacturers to make their products more secure, and they stated that it will become a viable alternative to more expensive and complicated tools such as Proxmark3. RFIDler will also remove the shackles of vendor-specific development kits.
For the past few months, hackers have shifted focus from exploiting software applications to hardware applications. Further proof was evident at the 2013 Black Hat Briefings, during which the computer boxes of certain car models were hacked. Manufacturers in general should push security more to the forefront to protect their brand, products and consumers. Consumers should also be very vigilant about the “smart” products they are purchasing.
Threats from exploiting vulnerabilities in RFID-based software and hardware applications are real, and continue to be proven time and time again by researchers at Hack in the Box, Black Hat and other similar conferences.