The team, made up largely of Italian experts, developed the system by exploiting loopholes in an existing, globally used vessel tracking system.
At the Hack In The Box 2013 security conference here, the team felt that the popular Automatic Identification System (AIS) - used in over 400,000 installations - was not at all secure.
To explain their point, they showed how they were able to create an imaginary ship, complete with identity code, tonnage and even geographical coordinates off the Italian port city of Genoa earlier this year.
Balduzzi, a senior threat researcher with IT security vendor Trend Micro, his colleague Kyle Wilhoit and independent researcher Alessandro Pasta studied the AIS before coming up with attacks using the Internet and radio frequencies.
According to Balduzzi, AIS transponders are required to be installed in cargo ships weighing above 300 tons and all passenger-carrying vessels.
Starting about six months ago with some homemade equipment, the three were able to come up with about eight types of security attacks.
In one case, they showed how an attacker could masquerade as a port authority and tell ships to change their AIS radio frequencies, isolating them from the rest of the world.
Calling it frequency-hopping, Pasta said: "The port authorities have the power to remote control the AIS installed in a vessel to switch (radio) frequencies."
"You can completely isolate a vessel, and only the attacker will know about the ship's state," he said.
