Container ship loading plans are 'easily hackable'

Look! A pic that's not a metaphor

Security researchers have warned that it might be possible to destabilise a container ship by manipulating the vessel stowage plan or "Bay Plan".

The issue stems from the absence of security in BAPLIE EDIFACT, a messaging system used to create ship loading and container stowage plans – for example which locations are occupied and which are empty – from the numerous electronic messages exchanged between shipping lines, port authorities, terminals and ships.

The messaging standard is developed and maintained by the Shipping Message Development Group (SMDG).

Criminals less interested in destabilising ships but perhaps instead stealing goods by rerouting containers, would use "COPRAR / COPARN / CODECO / COARRI" messages instead. These deal with shipping line to terminal messaging and vice versa.

Evidence suggests that ship and terminal messaging systems have been abused at times in order to either conceal or re-route drugs or steal valuables. "We believe this was done using front end GUIs in port rather than manipulating the data itself," according to Ken Munro, a security researcher at Pen Test Partners.


BAPLIE messages, once their syntax is understood, might potentially be manipulated to change the destinations of cargo, money and more. Pen Test Partners was more interested in message subsets that are found in "LIN" line items about contents and handling for individual containers.

Most straightforwardly it's possible to manipulate container weight and thus the ship's balance.

A potential hacker would simply search the message for VGM (Verified Gross Mass). The trailing value is the weight, so changing this value to make it either lighter or heavier would mean that the vessel load-planning software would place the container in the wrong place for stability. "Some ports may intercept the wrong weight at a weighbridge or possibly at the crane, but overloading containers to save on shipping cost is already a significant issue in some regions," Munro explained.

Researchers explained that it might be possible, using similar trickery, to place a mislabelled heavy container at the top of the stack, moving the centre of gravity too high. For example, it's possible to set the handling for "load third tier on deck", so high up, out of the hold. Manipulating the weight distribution is an issue because the ship becomes more and more unstable if heavy goods are loaded higher up in the stack.

Reefer madness

Certain attributes can be set for a container to flag that it needs special handling. Manipulating the message opens the door to all sorts of mischief.

For example, the status for an aggregation of explosive materials could be changed to an batch of regular liquids. Alternatively a potential hacker could modify the flashpoint of a flammable vapour.

Refrigerated containers need special handling, as they need to be located in certain bays that have power supplies. A particular code states that the container is a "reefer", so the load plan software will sign it to a powered bay.

Mischief-makers could change the designation of a batch of goods that need refrigeration could be changed to signify normal handling or (more subtly) that the refrigeration unit is inoperative, so the goods can be placed anywhere. The consequences for a batch of prawns, for example, of such trickery would be altogether malodorous.

Certain cargoes are sensitive to strong smells, particularly coffee. Handling codes are set to place them well away from smelly things. Pranksters could potentially change the designation so that the a container full of odour-sensitive goods, such as coffee, has its door open and locate next to a container of fishmeal, which will be tagged as odorous.

To make things even worse the combo could be assigned to a hold using the "keep dry" code where there's poor air circulation.

"Whatever happens, the coffee will stink of fish on arrival at port," Munro writes.

The integrity of BAPLIE messaging is critical to the safety of container ships.

“I strongly encourage all operators, ports and terminals to carry out a thorough review of their EDI systems to ensure that message tampering isn’t possible,” Munro concluded.

The BAPLIE protocol features a literal checksum that uses the total number of message segments, including itself, but excluding the UNH message header.

"So, if you remove or add a message segment, don't forget to update the UNT [message] trailer," Munro explained. "If you’re just manipulating segment values, you don’t need to worry about UNT."

The terminal/ship/port receiving a doctored message will probably respond with a CONTRL message, acknowledging receipt.

This is much of a stumbling block, either.

"If you're intercepting and forwarding the entire EDI message stream, be prepared to spoof a message back to the sender," Munro notes. "It's easy to generate the correct CONTRL message for your modified request: there’s a generator here."

"Already there is evidence of theft of valuable items from containers in port, potentially through insider access by criminals to load information. It doesn't take much imagination to see some far more serious attacks," Munro concluded. ®

Other stories you might like

  • Running Windows 10? Microsoft is preparing to fire up the update engines

    Winter Windows Is Coming

    It's coming. Microsoft is preparing to start shoveling the latest version of Windows 10 down the throats of refuseniks still clinging to older incarnations.

    The Windows Update team gave the heads-up through its Twitter orifice last week. Windows 10 2004 was already on its last gasp, have had support terminated in December. 20H2, on the other hand, should be good to go until May this year.

    Continue reading
  • Throw away your Ethernet cables* because MediaTek says Wi-Fi 7 will replace them

    *Don't do this

    MediaTek claims to have given the world's first live demo of Wi-Fi 7, and said that the upcoming wireless technology will be able to challenge wired Ethernet for high-bandwidth applications, once available.

    The fabless Taiwanese chip firm said it is currently showcasing two Wi-Fi 7 demos to key customers and industry collaborators, in order to demonstrate the technology's super-fast speeds and low latency transmission.

    Based on the IEEE 802.11be standard, the draft version of which was published last year, Wi-Fi 7 is expected to provide speeds several times faster than Wi-Fi 6 kit, offering connections of at least 30Gbps and possibly up to 40Gbps.

    Continue reading
  • Windows box won't boot? SystemRescue 9 may help

    An ISO image you can burn or drop onto a USB key

    The latest version of an old friend of the jobbing support bod has delivered a new kernel to help with fixing Microsoft's finest.

    It used to be called the System Rescue CD, but who uses CDs any more? Enter SystemRescue, an ISO image that you can burn, or just drop onto your Ventoy USB key, and which may help you to fix a borked Windows box. Or a borked Linux box, come to that.

    SystemRescue 9 includes Linux kernel 5.15 and a minimal Xfce 4.16 desktop (which isn't loaded by default). There is a modest selection of GUI tools: Firefox, VNC and RDP clients and servers, and various connectivity tools – SSH, FTP, IRC. There's also some security-related stuff such as Yubikey setup, KeePass, token management, and so on. The main course is a bunch of the usual Linux tools for partitioning, formatting, copying, and imaging disks. You can check SMART status, mount LVM volumes, rsync files, and other handy stuff.

    Continue reading

Biting the hand that feeds IT © 1998–2022