With the advent of SDR, such attacks are becoming easier to accomplish and also come into the focus of IT (security) researches. There is already an OSS AIS decoder [1], and I suppose it will not be too hard to make an encoder.
Still, we have seen similar attack vectors to GSM (you can DoS a multi-million city with a dozen of manipulated 20$ phones), but no real attacks.
Transmitting on licensed frequencies without the proper permission is an offense in most countries, and I suppose you can be liable for the damage, provided the regulation authorities can triangulate you while you are sending out.
AIS was never designed to be secure, the easiest attack being to just jam the 2 frequencies it uses. But the AIS industry has sold itself as a safety and security device, convincing the government to mandate its carriage on ships in order to protect against terrorism.
It can quite obviously never be "secure" if the basic premise of the system is that entities self-report their location. You can only hope to make it harder to submit wrong data.
AIS is not used for navigation, or any critical decisions. It's not like it will override what the bridge sees, or what the radar picks up. ADS-B is a similar system for aircrafts, and have the same shortcomings.
No entirely true: A lot of information is transmitted via AIS these days. For example current water depths (St Lawrence Seaway or on the Danube in Europe) are transmitted and used for navigation on these waterways. You also have the possibility to place a distress signal with AIS, which would quite likely lead to a Search and Rescue operation, costing huge amounts of money and taking away resources from real emergencies.
AIS is directly connected to an ECDIS on a ship's bridge, which is the digital replacement for maritime paper charts. AIS targets are displayed in these ECDIS systems and (see above) in some regions of the world the information shown there is also influenced by AIS data.
Also a lot of ports are using AIS (together with radar) to keep an eye on the traffic - spamming those systems, which is easily possible, would quite likely cause severe troubles for larger ports like London or Los Angeles.
I'm honestly surprised that nobody has yet DoS'd a larger port or other infrastructure.
I'm honestly surprised that nobody has yet DoS'd a larger port or other infrastructure.
It's probably because most people don't want to do that. Outside of prisons, a good chunk of human safety relies on the fact that most people would rather preserve their own safety than take away that of others.
All of the ships that I have been on have the overlay feature on the ECDIS turned off. It tends to make the screen too crowded in busy ports. If the mates need to look at someone's name they just compare the reported position from AIS to position on the RADAR/ECDIS of the ship they are trying to contact.
Also, the AIS data is self reporting so if they forget to change the information then it's useless anyways. I've seen 'anchored' ships driving away at 10 knots.
It is fairly short range. 9600bps @ about 162MHz doesn't travel much further than the curvature of the earth. If you started jamming it the FCC and the Coast Guard would become interested fairly quickly since they now use this as part of the port security system.
> AIS is not used for navigation,
> or any critical decisions.
That turns out not to be the case. I know of more than one port that has not installed a radar surveillance system relying instead purely on U/AIS data, even though they have no checks that it's been correctly installed and configured.
Still, we have seen similar attack vectors to GSM (you can DoS a multi-million city with a dozen of manipulated 20$ phones), but no real attacks.
Transmitting on licensed frequencies without the proper permission is an offense in most countries, and I suppose you can be liable for the damage, provided the regulation authorities can triangulate you while you are sending out.
[1] http://gnuais.sourceforge.net/