AIS Spoofing - Serious Security Risk

[rgleason]

https://www.technologyreview.com/s/6...---4.0-styling

[fogmachine]

Getting Shanghai-ed, high-tech style. A RDFs should be able to triangulate on the source if anyone cares.

[rgleason]

Good idea, but maybe AIS is too loose in terms of security and we need new standard and new transmitters and devices.


Think of being able to move Virtual ATONS which are being used more and more?

[fogmachine]

Since they're coming from satellites ~12000 miles away GPS signals are fairly weak and easy to overpower.

"Bad actors" (your choice what that means) have been spoofing GPS for a while, supposedly in the Middle East they've used it to hijack and capture reconnaissance drones. Wherever Putin travels his security forces spoof GPS in the neighboring areas.

The gear needed is pretty small; if society moves to automated cars guided by GPS in a near future, imagine the carnage if someone decided to fire up a few spoofing shoeboxes just for yucks.

I've heard that the Coast Guard can triangulate VHF transmissions both to locate people in emergencies and to find bozos that think the marine bands are a CB. The FCC has (or at least had) RDF-equipped vans for tracking down rogue transmitters. This sort of tech is needed when you're living by the sword.

[LongRange]

Avery interesting article indeed. Most of these maritime technology protocols seem anachronistic in terms of their security naivete. There is virtually no provision for authentication or authorization layers, and retrofitting is presumably infeasible due to the huge amount of kit already in circulation.

It does not make sense to me that any nation would be experimenting with large-scale jamming and spoofing right in the centre of its busiest home waterways, where the potential for carnage is greatest, and the chances of detection and reporting are very high. That is perhaps sensationalism, but there is no doubt that every larger nation has developed weaponised means of disrupting navigational aids.

[fogmachine]

Yes, they are indeed anachronistic in a technical sense - the GPS system has been fully operational since 1993, after network viruses were invented but long before anyone thought they'ed be used every day by billions of cell phones. As a broadcast-only system it's going to be hard to safeguard - remember how quickly the keys to DVDs and Blu-Ray DVDs made it to the Internet?

[Dsanduril]

Combine that with this 10-year-old USCG Safety Alert that I initially saw on another CF thread. How many of us knew that you could make significant and unannounced changes to our AIS transponders remotely? And with no authentication. Doesn't seem too hard to imagine someone creating a broadcast and hijacking many AIS features.

[BlackSea]

A lecture in this regard from BlackHat 2014 Conference

https://www.youtube.com/watch?v=5rt9dzu3I7U

[teddythetwig]

Two interesting stories:
Sailing off of Finisterre, a boat in our general area was transmitting over 16 for a few hours. FTC was frantically calling every boat in the area trying to find the culprit, they had each boat go completely silent one by one, i.e. turning off the electric to make sure there was no device transmitting interference somehow. It eventually turned out that a crew on one of the boats had wedged the remote into a cushion holding down xmit.

Second, if you have ever been around the straight of Gibraltar, you will hear kids(?) From either the coast of Morocco or Spain calling out to big ships transiting the straight pretending they are about to be run over by the larger ship.

Both of these just show me that data over vhf needs to be backed up by visual inspection. You can't blindly trust AIS or someone over the radio as there is almost 0 accountability.

[fgd3]

That was a very interesting article but I'm concerned it did not report an accurate picture of the situation. The author seems to confuse GPS and AIS.


The loss of GPS position was likely due to interference with the satellite signals, or jamming, which could be intentional or inadvertent. GPS signals are microwave frequency, while AIS uses two channels in the VHF marine spectrum. To lose data from both devices at the same time suggests the presence of a very strong electrical signal that overwhelms all radio reception. The article didn't mention the failure of bridge-to-bridge or bridge-to-shore VHF communications, though, so perhaps what was meant by "its AIS transponder had failed" was the AIS was not reporting GPS positions from any nearby ships. That would be expected in an area where GPS receivers experienced a blackout.


This sentence concerns me as well: "it and its neighbor had also been spoofed—their true position and speed replaced by false coordinates broadcast from the ground." That isn't the way GPS works. Coordinates are not broadcast--either from satellites or from the ground. GPS receivers calculate their position from the time it takes signals from four satellites to reach them, a trick they accomplish by trying various time corrections until one yields a single-point fix. Retransmitting satellite signals with a slight delay and at sufficiently higher power to make the GPS receivers accept the delayed signals would cause all affected receivers to report erroneous, but different positions. That doesn't explain the circles, though.


The article's attempted explanation of the GPS system is incorrect. Three satellites would be sufficient to fix the receiver's position if the receiver's clock were perfectly synchronized with the clocks aboard the satellites. The fourth satellite signal allows the receiver to adjust its internal clock until it yields a good fix. By assuming the receiver is at mean sea level time correction and a fix can be obtained with just three satellites.



This doesn't make sense to me: "While GPS satellites broadcast several different signals intended for both military and civilian use, AIS relies on just one of them." AIS transmits a GPS position and additional data about a vessel over marine VHF frequencies. There's nothing special about a position reported by an AIS transponder. It depends on how good the GPS receiver is which it uses for position information.


Fabbian

[rgleason]

Very good analysis Fabbian. Leaving your question "That doesn't explain the circles, though."

I wonder if this is a bogus article? How could this circle be accomplished?

[fgd3]

I don't think it is a bogus article, merely a poorly researched one. The author didn't take the time to properly understand and explain GPS and AIS. That doesn't mean GPS spoofing isn't a problem. It is. This article by Todd Humphreys and Mark Psiaki discusses experiments with devices to spoof GPS and detect such spoofing.


https://spectrum.ieee.org/telecom/se...-of-navigation


We'll have to keep looking for more information on the "crop circles" described in the Mark Harris article.


Fabbian

[ShoreFun]

So let us put this into perspective.

You can buy a $300 Software Defined Radio that transmits. It kind of does not care what frequency it transmits on so GPS, AIS no big deal.

You can go out on the web and find software that does stuff, no problem- well really a big problem. So you go and get a GPS freq antenna and get the spoofing software and muck with the GPS for all the devices say in a couple of mile radius. Let us just shift a bit to the right. You can also record some data say in Boston and steal a car in Miami. Turn on your spoofer and the police are now looking in Boston. Meanwhile you load it in a container and send to points elsewhere.

Then there are the jammers. For a few bucks you can get a Jammer that does GPS, Cell and a few other things. Basically turn off all devices in a few mile radius. Imagine trying to land a plane and a GPS jammer resets the landing system. This actually happened in Newark. A guy bought one so he could not be tracked in his work truck. Yes, they can find the jammers and now it is a $50,000 fine. Yes they are now set up to catch you and give this fine so do not try it.

Poke around the web some. Look up SDR and AIS cause a $20 SDR and some free software can let you set up you own AIS. You can even make an ADSB receiver and see what airplanes are flying overhead.

[bdbcat]

More perspective...


Crop circles:

No need to "spoof" GPS. With an SDR transmitter, one can craft valid AIS messages to place a "virtual" ship with arbitrary MMSI at any chosen lat/lon. Assuming it is properly encoded, formatted, and synchronized, the message will be accepted by all AIS receivers as a valid message. Plotters will see circles, or any other interesting graphic the hacker may want to render, "etch-a-sketch" style.



Be alert....

Dave

[valhalla360]

Quote:

Originally Posted by fogmachine

The gear needed is pretty small; if society moves to automated cars guided by GPS in a near future, imagine the carnage if someone decided to fire up a few spoofing shoeboxes just for yucks.

No one is doing an automated car system using only GPS. They all include other sensors to look at the local surroundings.

At worst, it would cause some congestion as cars come to a stop while figuring things out.

I would expect similar issues in the marine world as ships pull up or turn when AIS shows a conflicting vessel but the watch sees none.

Yes, it's a problem but carnage while possible is unlikely.