Maybe you shouldn't rely on AIS then.

[alant]

Ship hack 'risks chaos in English Channel' - http://www.bbc.co.uk/news/technology-44397872

 

[lpdsn]

Or radar or GPS or electronic charts. Or maybe also the BBC.

Now where's that sunstone.

 

[maby]

why would anyone go to that much trouble? You can easily buy one or more AIS transmitters and configure them to send whatever information you want.

 

[Neil_Y]

Interesting but as you use all available means to identify the risks at any one time you would see on radar or by eyeball what was happening and could also call the other vessel. Not as catastrophic as it sounds, but a headache for operators.

 

[matt1]

Isn't Mr Munro of Sea Me fame? I was very grateful for his product last week in all that fog

 

[Lon nan Gruagach]

Mr Munro aka x0rz might be best sticking to rolling d20s. Since he clearly fails to understand the level of common sense that sailors use.

 

[[70521]]

Looks like the media making up another story.

 

[scotty123]

Looks like the media making up another story.

interesting statement, what makes you say that?

https://www.theregister.co.uk/2018/06/06/infosec_europe_maritime_security/

 

[flyingscampi]

Before you can use it, every device accessible over an IP network should force you to set a secure password (e.g. not 'password1'). It would also be helpful if devices didn't all use 'admin' as the username.

This is what you're up against:
https://www.theregister.co.uk/2018/06/07/vpnfilter_is_much_worse_than_everyone_thought/

This of course will mean 95% of people will no longer be able to access their device because they didn't record the password anywhere, but at least hackers can't access it either.

 

[ShinyShoe]

why would anyone go to that much trouble? You can easily buy one or more AIS transmitters and configure them to send whatever information you want.

Yes but an AIS Tx will cost you £350 each and to create enough distraction in the channel you'll need probably 5 or 6 as a minimum. As they would only be class B you still might struggle with people believing you are a 200ft tanker. You'll also find it technically difficult to spoof your location - an AIS Tx uses its own GPS not an external GPS - so you'd need to put the spoofing device out there which means its probably not hard to find you (since you are broadcasting where you are) and I'd expect Jail time.

It would **in theory** be possible to build your own transmitter, but you'll need some serious electronics know how to get it transmitting the info correctly enough to be interpreted by AIS receivers. You could *in theory* use a single transmitting location, with the Tx pretending to be multiple vessels and transmitting multiple locations etc. You'd be much harder to locate because your data transmission would last milliseconds at a time.

But neither of these options are 'free' hacks. What Munro is suggesting is he can hack the bridge from his iphone and make the change with zero effort. By the time it is spotted he is long gone.

The bit that seems to have been missed is any of these options seems a bit pointless. As in - why would someone do this? If I am a hacker I'd surely rather hack a company network etc and charge a ransom to unencrypt the machine. Where is the financial gain from blocking the English Channel.

 

[ShinyShoe]

Before you can use it, every device accessible over an IP network should force you to set a secure password (e.g. not 'password1').
...

This of course will mean 95% of people will no longer be able to access their device because they didn't record the password anywhere, but at least hackers can't access it either.

There are other options - factory passwords = serial number of device etc