Researchers from Trend Micro have been analyzing the Automatic Identification System (AIS) used to track vessels and found that they are vulnerable to cyberattacks. Currently, the system is installed on around 400,000 ships.

AIS is a tracking system that is installed on commercial ships that are over 300 metric tons, and all passenger ships. The system relies on GPS and it exchanges a vessel position, course and other information with nearby ships and offshore installations.

Marco Balduzzi and Kyle Wilhoit of Trend Micro have found that hackers can hijack the communications of ships, disable the AIS, create fake ships and even trigger fake SOS or collision alerts.

First of all, hackers can target AIS providers that collect information and distribute it publicly. The systems of these providers contain vulnerabilities that can be exploited to tamper with valid AIS data and inject invalid data.

For instance, the position, course, cargo, country of origin, speed name and Mobile Maritime Service Identity (MMSI) status of a ship can be changed. An attacker can also create fake vessels, for instance place an Iranian vessel packed with nuclear cargo on the U.S. coastline.

Cybercriminals can leverage the vulnerabilities to create and modify buoys and lighthouses. They can also create and modify search and rescue aircraft.

In addition to the vulnerabilities in the systems of the service providers, the researchers have also uncovered security holes in the AIS protocol itself.

These flaws can be exploited to disable AIS on a vessel. In a plausible real life scenario described by the experts, Somalian pirates can make a ship that enters their sea space disappear from AIS, but they can still be able to track it.

The AIS protocol vulnerabilities can also be leveraged to fake a man in the water distress signal, fake a closest point of approach alert and trigger a collision alert, send false weather information to a ship, and launch a flood attack by sending AIS traffic much more frequently than is normal.