Hacking Into AIS

Posted by Peggy Browning on Oct 16, 2013 2:26:00 PM

There has been some publicity lately around the notion of being able to ‘hack AIS’.  I think it’s critically important to understand a few technical points about AIS before spending the time discussing such an idea.

  1. AIS is designed to augment radar as a collision avoidance tool aboard a ship.  It is not intended to be the PRIMARY collision avoidance tool, that is, and for the foreseeable future will remain, the radar.  And let's not forget about the window!!
  2. AIS for tracking purposes is used by shore authorities for management of maritime traffic, and again, they will always use radar as their primary tracking tool, with AIS as an augmentation.
  3. AIS for tracking purposes is also used for security applications, but again ... AIS should be one of many factors considered when evaluating a security threat.  It is not, nor should it be, used as the only source of information.



As far as AIS Spoofing goes (adding data to downstream, non-receiving, service providers), the identified threat is real, that's why these streams should be time offset when offered to the public.  The providers themselves should be reputable, and not sell to just "anyone".  Further, a reputable provider, such as exactEarth will have a secure encrypted delivery system to ensure that tampering between source and customer is not possible.

What about Ship Hijacking or using a known ship MMSI and injecting AIS RF transmissions? This can be difficult to determine for the shore authority, but it is much easier for a satellite provider.  We see the "forest" and so we know when a ship is in multiple locations around the world and exactEarth will tag such a ship for investigation. 

A ship can also be crosschecked, using the IMO hull number to cross reference to ship pictures/stats found in databases such as Lloyd's List.  If the shore authority is suspicious, this cross check can easily be performed.  There are also several analysis tools, which will quickly identify when a ship is behaving outside its normal pattern.  Shipping is a commercial industry, dependent upon schedules and routing, ships typically do the same runs over and over and over ... making it fairly easy to identify when a ship isn't behaving as expected.

And same goes for Replay Attacks…bottom line is if you're using AIS for safety or tracking applications, don't use a "hack" company for your data stream provider.  Find someone who can prove that they are delivering a secure data stream!

I also wanted to tackle some of the other points like Man-in-Water Spoofing (GMDSS response).  False alerting is certainly not an AIS problem.  All GMDSS (global maritime distress and safety system) devices are notorious for false alerts.  When an alert is received, search and rescue authorities have procedures in place to verify the alert before deploying resources.

Further, and unfortunately, AIS is still not recognized as an ALERTING device in the GMDSS system.  It is recognized as a locating device.  What does this mean ... it means that if you activate an AIS SART, it does not guarantee any rescue effort at all ... just that when an actual ALERT is received (voice on channel 16, EPIRB activation, etc.)  , the AIS may be used to locate you.

Let’s talk about frequency hopping or in AIS language this is called channel management and it does allow the authority some latitude to manage the VHF Data Exchange (VDE).  This control allows everything from changing the reporting rate, to changing the channel completely.  However, it should be noted, that a ship that "disappears", especially in a pirate zone, is just as much a red flag as an actual MAYDAY.  Again, here is where satellite has an advantage because we see when a ship disappears even when it is in the middle of the ocean far away from any shore authority. 

It should also be noted, that the AIS can only be moved onto a different channel within the maritime band, and it is easy enough to sweep the channels to find where a ship may be broadcasting.

Fake Closest Point of Approach (CPA) is almost a moot point against AIS because AIS doesn’t provide CPA.  If a system is doing this, then it is being done post process.  Again, if you’re purchasing software that provides CPA, make sure it is using radar as its primary source, only augmenting the radar data with AIS information.  It should NEVER only use the AIS to compute the CPA.

As far as arbitrary weather forecasts are concerned, this is binary that has been defined by the IMO and is intended to one day provide a truly global weather map, taking advantage of weather from shore authorities, buoys, and even other ships.  It is true that the binary can be spoofed, but again it must be noted that every ship has multiple sources for weather information, and cross checks (remember the window is there too) that all should also be applied.  When the IMO vision is eventually realized, then errant or spoofed weather binaries will be easily identified through cross checks with other received weather binaries from literally hundreds of sources.

I hope this post will clear some things up about the idea of hacking into AIS.

Topics: IMO, Radar, AIS, AIS Testing, GMDSS, Hacking, Hacking AIS

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all

Follow Me