AIS EXPOSED. UNDERSTANDING VULNERABILITIES AND ATTACKS 2.0 presented at BlackhatAsia 2014

by Marco ‘embyte’ Balduzzi,

Summary : Automatic Identification System (AIS) is a promoted standard and implementation for vessels traffic safety and monitoring. With more than 400,000 installations worldwide, AIS is currently mandatory for commercial vessels and a de-facto solution for leisure crafts since 2006. In our research on AIS, we identified numerous vulnerabilities and problems affecting both the implementation of AIS services, that collect/provide access to AIS data, and the foundations of the AIS protocol used in radio-frequency (RF) communications. Our concerns affect all AIS transponders deployed on ships worldwide. This talk is divided in two parts: We first introduce the audience to AIS and the problems that we identified, and then we disclose and discuss a series of novel 2.0 vulnerabilities and attacks.