Overview
Explore the vulnerabilities and potential attacks on Automatic Identification Systems (AIS) in this comprehensive Black Hat conference talk. Delve into the intricacies of AIS, including its application layer and required installation. Learn about various attack vectors such as programming malicious routes, hijacking through rogue gateways, and man-in-water spoofing. Discover advanced techniques like frequency hopping, CPA alerting, and malicious weather forecasting. Examine denial-of-service attacks, including slot starvation and timing attacks, as well as application layer vulnerabilities. Gain insights from real-world experiments and responsible disclosure practices. Conclude with a discussion on proposed countermeasures to enhance AIS security.
Syllabus
Intro
Outline
Automatic Identification System
Required Installation
AIS Application Layer
Example
Programming a malicious route
Hijacking (Rouge Gateway)
Our Testing Lab
AIS Transmitter
Man-in-water Spoofing
Frequency Hopping (DoS++)
CPA Alerting
Malicious Weather Forecasting
Slot Starvation (DoS++)
Timing Attack (DoS++)
Attack the Application Layer
Real-World Experiment
Responsible Disclosure
Proposed countermeasures
Taught by
Black Hat