They Are Appearing on IP Radar

May 11, 2013

Being out at sea is isolating and requires a person with a certain personality capable of handling that mindset, but ARS Technica points to something interesting that may shave off some of that feeling, “Good Morning, Captain: Open Ports Let Anyone Track Ships On Internet.” It is not surprising that everything is connected to the Internet and Rapid7 Lab researchers discovered during a census of the entire Internet that there was a lot of data from ships’ Automated Identification System receivers. The receivers allow people to track ships’ movements and are placed on ships, buoys, and other navigation markers. They are used to prevent collisions, the H2O equivalent of air traffic controllers. When the researchers discovered the data, within two hours they collected more than two gigabytes on ships, including military and law enforcement.

Before you ask the question, yes it does post a security risk, because everything from safety messages to casual greetings were picked up. The alarming factor is what type of ships they came from.

“As the Rapid7 report points out (and as numerous readers have pointed out as well) the data from AIS is openly published via AIS itself and a number of websites in any case.  The data is public by nature—otherwise it wouldn’t be effective in preventing collisions at sea.  But the information collected from the AIS system itself is a vulnerable asset—the US Coast Guard counts on AIS in combination with other, secure data sources as part of its Nationwide AIS, a maritime security system.”

Attackers could spoof the data and feed misinformation to cause terror and panic. The weakness has been noted and someone is on the case, per usual. The main question is when?

Whitney Grace, May 11, 2013

Sponsored by ArnoldIT.com, developer of Beyond Search

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta