A team of white-hat hackers recently figured out how to break into the navigation technology used to track 400,000 shipping vessels worldwide. With this kind of access they could hypothetically make it appear as if a fleet of mystery ships was about to invade New York City. This is not good.
The affected system is known as the Automatic Identification System (AIS), and it's used by port authorities and shipping vessels alike to keep track of nearby craft. Because the systems evidently lacked security controls, researchers from cybersecurity firm Trend Micro were able to waltz right in and cause trouble using cheap radio equipment. They could make fake ships appear out of nowhere, real ships disappear inexplicably and create fake emergency alerts. In one case they made a real tugboat disappear from the Mississippi River and appear in a lake near Dallas.
Remember the series of horrifying cyber attack scenarios President Obama's suggested could cause real world damage? This is one of them. The fake fleet is one thing, but if the bad hackers decided to take advantage of this vulnerability, the limits of the damage they could cause would be bound only by their creativity. And this isn't even the only major security vulnerability that's been revealed this year. Earlier this year, some students from the University of Texas figured out how to steer an $US80 million yacht off course using fake GPS signals. Think of the fun the pirates would have with these hacks!
The good news is that the good guys got to this one first. The Trend Micro team just presented the findings of their research at the Hack in the Box conference, and hopefully the people behind AIS will at least add some encryption software to the system before Ghost Ship becomes more than just a B-movie. [Tech Review]