http://www.darkreading.com/attacks-breaches/researchers-highlight-security-vulnerabi/240162568
By Brian Prince
Dark Reading
October 11, 2013
When it works normally, the Automatic Identification System (AIS) used by
ships can be a captain's best friend, helping him or her avoid collisions
on the high seas. Under the control of a hacker however, AIS could become
a captain's worst enemy.
At the upcoming Hack in the Box Security Conference in Malaysia, a team of
security researchers are preparing to demonstrate how an attacker could
hijack AIS traffic and perform man-in-the middle attacks that enable them
to turn the tracking system into a liability.
AIS is an automatic tracking system intended to help identify and locate
vessels electronically to help avoid collisions on the water. AIS
transponders on the ships include a GPS receiver and VHF transmitter,
which transmits information to other vessels or base stations. AIS is
required on many vessels, including international voyage ships weighing
300 tons or more and all passenger ships regardless of size.
According to Trend Micro's Kyle Wilhoit, one of the researchers who worked
on the project, says the attacks can be broken up into two categories:
those that target the AIS Internet providers that collect and distribute
AIS information, and those that target flaws in the actual specification
of the AIS protocol used by hardware receivers in all of the vessels.
Without getting too deep into the vulnerabilities ahead of the
presentation, which is slated for Oct. 16, Wilhoit explains that the
upstream providers fail to authenticate AIS sentences coming from ships.
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
