Ship security NOT compromised

Update 3 hours later: I am impressed by the interaction around these articles that has happened. Sean has been too kind in mentioning some of the material I pointed him to in the article. Rapid 7 folks have been working to clarify what they meant by their writing.

Thanks to Brendan Kenny, I just saw this: Sean Gallagher at Ars Technica wrote "Good Morning, Captain: open IP ports let anyone track ships on Internet" ("In 12hrs, researchers log more than 2GB of data on ships due to Automatic ID Systems").

This article is so totally wrong in its conclusions. The issues are open ports that could possibly be DoS'ed (hit with a denial of service) or exploited/pwned. AIS is a broadcast technology meant for public consumption.

Note: emphasis added.
For many of the ships, the vessel's name was included in the
broadcast data pulled from the receivers. For others, the
identification numbers broadcast by their beacons are easily found on
the Internet. By sifting through the data, the researchers were able
to plot the location of individual ships. "Considering that a lot of
military, law enforcement, cargoes, and passenger ships do broadcast
their positions, we feel that this is a security risk," Guarnieri
wrote.

Guarnieri needs to do a little more research before making statements like this. Even if you plugged all these holes, AIS ship tracking data is considered open data and would still be generally available through many sources for prices ranging from free to expensive. Military vessels that are transmitting in the clear either intend to let people know or are too dumb to make sure they are either in listen-only mode or turn on blue force encryption (which still allows direction finding of them).

According to USCG Rear Admiral Brian Salerno in official documentation from back in 2009, which I received directly from the USCG:

"As a broadcast system (where communications are intended to be
received by the public), there is no expectation of privacy of any
transmitted position, binary, or safety related messages, or any
information transmitted on AIS."


Rapid 7's analysis gets closer to the mark with this:
A quick fingerprint shows that many of the systems identified
have open telnet shells, web interfaces, and VNC servers, and many of
these are connected to old and vulnerable versions of Windows.

Being pwned is generally bad, but if people are relying on this data, then doing a DoS or injecting / removing data could do unpleasant things that range from implying false cargo movements that might impact prices to adding confusion to situational awareness, increasing the chances of accidents or drawing attention from bad behavior.

See also: AIS Security and Integrity post by me back in Nov 2012 for more concepts.
