Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Ship Data Recorders Vulnerable to Hacker Attacks

The voyage data recorders used on ships are plagued by many serious vulnerabilities that expose the devices to hacker attacks, researchers have warned.

The voyage data recorders used on ships are plagued by many serious vulnerabilities that expose the devices to hacker attacks, researchers have warned.

A voyage data recorder, or VDR, is the equivalent of a black box on an airplane. The data recording system collects information from various sensors — including position, speed, radar, and audio recordings from the bridge — to help investigators identify the cause of maritime incidents.

Just like the black boxes on airplanes, VDRs are designed to withstand extreme shock, pressure and heat to ensure that the data stored on them is not destroyed in case of an incident.

However, there have been instances in which the data on a VDR from a ship involved in an incident had been tampered with. In an incident that took place in India, in which a cargo ship hit a smaller fishing vessel, the files on the cargo ship’s VDR were overwritten after crew members inserted a pen drive into the device. The press also reported that the ship’s main computer system was infected with malware.Furuno VDR VR3000

Ruben Santamarta, a researcher at security firm IOActive, conducted an analysis of a VDR from Furuno, a Japanese company specializing in marine electronics. Last year, Santamarta published a report on security flaws in satellite communications systems such as the ones used by ships and aircraft.

The expert hasn’t managed to obtain the actual Furuno VR3000 device for his experiments, but the VDR’s firmware and data extraction software allowed him to conduct both static analysis and QEMU user-mode emulation.

The analysis revealed many security holes, including weak encryption, insecure authentication, a flawed firmware update mechanism, and various services plagued by buffer overflow and command injection vulnerabilities.

The vulnerabilities found in the Furuno VDR can be exploited by an unauthenticated attacker with access to the vessel’s network to remotely execute arbitrary commands with root privileges and fully compromise the device. The attacker can access, modify or delete files from the VDR, including data that can be important for investigating an incident, such as radar images, navigation data, and audio recordings.

Malicious actors can also use the access to the VDR to spy on a ship’s crew, Santamarta said in a blog post.

Advertisement. Scroll to continue reading.

“Taking into account that we have demonstrated these devices can be successfully attacked, any data collected from them should be carefully evaluated and verified to detect signs of potential tampering,” the expert advised.

IOActive notified ICS-CERT about the existence of the vulnerabilities in October 2014. ICS-CERT worked with JPCERT/CC to inform Furuno, which promised to release a patch “sometime” in 2015.

IOActive says it’s not aware if a patch has been made available, but it’s worth pointing out that the VDR analyzed by the security firm, the VR3000, is no longer sold by Furuno. Santamarta told SecurityWeek that he can’t confirm if the current VDR model sold by the vendor, the VR-7000, is vulnerable.

UPDATE. Furuno says it has released new versions of the software to address the vulnerabilities in both VR-3000(S) and VR-7000 devices.

Related Reading: Satellite Telecom Vulnerable to Hackers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.