Skip to content

2013 Press Release

Trend Micro Warns of Vulnerabilities in Global Vessel Tracking Systems

Providers of AIS tracking system advised on possible inflection point

Taipei , 22 October , 2013 – A global leader in security software, Trend Micro Incorporated (TYO:4704; TSE:4704), warns of vulnerabilities discovered in global vessel tracking systems like the Automatic Identification System (AIS). When compromised, communications of existing vessels can be hijacked to create fake vessels, trigger false SOS or collision alerts. With the AIS as a mandatory vessel tracking system for all passenger (regardless of size and weight) and commercial (non-fishing) ships over 300 metric tons, the risks go beyond monetary to include criminal activities like piracy.

What makes the AIS protocol vulnerable?

Trend Micro found four key issues with the AIS protocol, namely:

  • Lack of validity checks: The lack of geographical validation meant that it is possible to send an AIS message from any location for a vessel at another location.
  • Lack of timing checks: With no timestamp information included in the message, cybercriminals can manipulate and replay valid AIS information at their choosing.
  • Lack of authentication: Without authentication built into the AIS protocol, anyone with the ability to craft an AIS packet, impersonation of any other vessel can occur.
  • Lack of integrity checks: All AIS messages are sent in an unencrypted and unsigned form makes it easy for interception and modification.

Manipulation of information through AIS protocols steering ships astray

Attacks can be executed on two fronts – the main AIS Internet providers and the actual specification of the AIS protocol used by hardware transceivers.

Forward Looking Threat researchers at Trend Micro found that the main AIS Internet providers that collect AIS information and distribute them publicly have vulnerabilities that allow attackers to tamper with valid AIS data and inject invalid AIS data. These include the modification of all ship details from its position, course, cargo, flagged country, speed, name and Mobile Maritime Service Identity. Scenarios include the creation and modification of Aid to Navigations entities like buoys and lighthouses that could lead to harbor entrance blockages or even shipwrecks! With the power to change information, cybercriminals now have the ability to manipulate vessels, with unthinkable consequences.

With flaws discovered in the actual specification of the AIS protocol used by hardware transceivers in all mandatory vessels, Trend Micro also warns of authority and alert impersonations, triggering false positives or sending out incorrect information that could lead to accidents. Other scenarios include the permanent disabling of a vessel’s AIS, where without one, the ship and its crew become more vulnerable to attacks from lurking pirates without warning from authorities. Cybercriminals could also leverage the issuance of a fake Closest Point of Approach alert, where a false collision warning is sounded off, possibly triggering the vessel to recalculate a course to avoid collision and into the intended direction set by waiting criminals.

"Leaving no stone unturned, cyber criminals are always coming up with new ways to exploit vulnerabilities. These scenarios depict how cybercriminals can cause harm to the maritime and shipping industry, through manipulation of the communication and information. There is a need for businesses and the authorities to take heed, be vigilant and better protected against such threats." said Kylie Wilhoit, Forward Threat Researcher, Trend Micro.

Trend Micro urges the maritime and shipping industry to stay vigilant, and perform regular checks against alternative sources, like manual navigation systems, on information obtained from AIS. In addition, as providers look to improving current AIS, Trend Micro highlights three core issues in need for incorporation of defenses to be heightened: validity, authentication and encryption.

For more information and updates on the AIS vulnerabilities, please visit:

Trend Micro’s blog post on other ways AIS can be compromised, please visit this link.

HITB Security Conference Presentation by Kylie Wilhoit, Forward Threat Research, Trend Micro, on the vulnerability can be found here.

About Trend Micro

Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Our solutions for consumers, businesses and governments provide layered data security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. All of our solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™ infrastructure, and are supported by over 1,200 threat experts around the globe. For more information, visit

Connect with us on