Roberto
Well-Known Member
Now on MarineTraffic
AIS - Who said it couldn't be hacked?
- Thread starter Roberto
- Start date
[70521]
Well-Known Member
That's a web site not AIS.
RichardS
N/A
Has anyone said that the website couldn't be hacked? 
Richard
Richard
Roberto
Well-Known Member
It seems to have now disappeared. All the positions were sent via regular radio AIS (the receiving marinetraffic station was number 361, nemad and possibly located in Bastia).
The transmitting station was/is in Calvi, MMSI from Cayman Island, he obviously never moved and managed to send fake positions from where he was, pretty much like ais virtual AtoN.
Someone with an ais receiver at sea would have seen the same result.
The transmitting station was/is in Calvi, MMSI from Cayman Island, he obviously never moved and managed to send fake positions from where he was, pretty much like ais virtual AtoN.
Someone with an ais receiver at sea would have seen the same result.
GHA
Well-Known Member
How can you know it wasn't a local kid with a transmitter using a random mmsi picked from the web? Or that someone hadn't hacked into 361's account and added the messages that way? Prob not very hard once you have the password. No other station picking up the radio transmitted messages? What was the mmsi?
[163233]
...
Surely AIS is pretty easy to hack?
Does it actually have any security features at all?
Does it actually have any security features at all?
GHA
Well-Known Member
Istr the radio signal format isn't readily available though must be somewhere on the Web. Iirc marine traffic you have a station Id and port no, anyone with these could likely send messages to marine traffic, seems more likely in this case.
knuterikt
Well-Known Member
Who said that AIS can't bee spoofed or hacked?
in fact both Synthetic AIS AtoN's and Virtual AIS AtoN's are valid "spoofing" as the position that is broadcast is not the same as the position the transmitter is located in'.
Not that difficult for someone with bad intentions to do the same.
I don't know what we see here is bad input or if someone have hacked MarineTraffic: Global Ship Tracking Intelligence | AIS Marine Traffic
In the app it's also possible to send position data not originating from AIS
in fact both Synthetic AIS AtoN's and Virtual AIS AtoN's are valid "spoofing" as the position that is broadcast is not the same as the position the transmitter is located in'.
Not that difficult for someone with bad intentions to do the same.
I don't know what we see here is bad input or if someone have hacked MarineTraffic: Global Ship Tracking Intelligence | AIS Marine Traffic
In the app it's also possible to send position data not originating from AIS
Daverw
Well-Known Member
Could this only be seen if receivers were local and in range to the original transmission if via radio, also they would have needed to be on a world map to see the reported location if as you say the original appeared to be from the Cayman Island
Roberto
Well-Known Member
Good, so we all seem to agree that with a bit of fiddling anyone can broadcast *any* AIS position and navigation data through radio, not only Authorities entitled to broadcast AtoN data.
I often read here "you cannot have false vessel position as the GPS is mandatorily connected only to the ship AIS transmitter", just saying it is not the case (as sometimes fishing vessels have also shown, sending positions miles away from their real ones).
Then if it is a kid or a seaman bothered during Covid isolation I do not know.
FWIW, these were printscreened this morning, the MMSI has possibly been deleted by MarineTraffic on their site, neither the MMSI nor the ship Callsign ZCOH3 exist in the ITU Station data base.
The last image indicates the coastal radio receiving station having sent the data to MarineTraffic, #361.
I often read here "you cannot have false vessel position as the GPS is mandatorily connected only to the ship AIS transmitter", just saying it is not the case (as sometimes fishing vessels have also shown, sending positions miles away from their real ones).
Then if it is a kid or a seaman bothered during Covid isolation I do not know.
FWIW, these were printscreened this morning, the MMSI has possibly been deleted by MarineTraffic on their site, neither the MMSI nor the ship Callsign ZCOH3 exist in the ITU Station data base.
The last image indicates the coastal radio receiving station having sent the data to MarineTraffic, #361.
laika
Well-Known Member
Indeed. There seems to be a number of decisions in the marine world in the 21st century where it's like the previous 2 decades of computing never happened. 9 digit MMSIs. What could possibly go wrong with that?
Lucky Duck
Well-Known Member
Previously on these forums, via AIS websites, we have had ships continuing up the Greenwich Meridian into Bedfordshire, pleasure vessels providing dimensions comfortably larger than the world's largest ships and some small scale 'virtual ATON's such as those in Bembridge approach channel so none of this should really come as a surprise..
dunedin
Well-Known Member
Probably an April Fool that got executed a day late?
GHA
Well-Known Member
Much, much more than a bit of fiddling though to create a radio transmitter sending ais messages over VHF, definitely not achievable by *anyone*. Seems much more likely in this case that it's just spoof nmea data sent to marine traffic over the Web, that would be pretty easy, less than a second on Google found some python to create the nmea messages.
Doubt if you'd get away with broadcasting spoof data over the airwaves for long, wouldn't be that hard for the local authorities to watch the timing and triangulate the transmitter position. Then you'd be in *big* trouble
[163233]
...
I agree that it's more likely the site itself that has been erm.. "edited".
But I bet a half decent hobbyist electronics type with a spare radio could knock it together in no time.
https://www.itu.int/dms_pubrec/itu-r/rec/m/R-REC-M.1371-5-201402-I!!PDF-E.pdf
Hobbyist receivers already exist, seems a short leap when you can buy an off-the-shelf radio for it rather than meddling with SDR.
AIS
RTL SDR AIS Driver - Apps on Google Play
I'm really not convinced it's especially hard.
But I bet a half decent hobbyist electronics type with a spare radio could knock it together in no time.
https://www.itu.int/dms_pubrec/itu-r/rec/m/R-REC-M.1371-5-201402-I!!PDF-E.pdf
Hobbyist receivers already exist, seems a short leap when you can buy an off-the-shelf radio for it rather than meddling with SDR.
AIS
RTL SDR AIS Driver - Apps on Google Play
I'm really not convinced it's especially hard.
lw395
Well-Known Member
The question is, did this ever appear on anyone's plotter or ais receiver, or was it just on the web?
AIS is quite trivial to hack, it is also fairly simple to turn the hacker's transmitter into a golf bunker.
AIS is quite trivial to hack, it is also fairly simple to turn the hacker's transmitter into a golf bunker.
GHA
Well-Known Member
Let's us know when you've made one then
How would you do it?[163233]
...
Ah but I am a simple soul far beyond the likes of me..Let's us know when you've made one then
GHA
Well-Known Member
I actually went and got a full ham license for offshore email, but ais transmit is all quite a bit beyond me. Played around with digital modes like psk & wspr, for to Australia once on 5w with wspr. Though not sure if you could key off the shelf radios to get the microsecond accuracy requires. Could be a custom build transmitted and a couple of receivers, receiving is easy. Think your definition of half decent electronics bloke and mine might be quite different....
Interesting though
[163233]
...
Someone has made a start on one it seems.
peterantypas/ais_transponder
I agree that it'd require rare talent, but then so do most abuses of technology and yet they happen on a regular basis.
peterantypas/ais_transponder
I agree that it'd require rare talent, but then so do most abuses of technology and yet they happen on a regular basis.
