Security Experts:

Connect with us

Hi, what are you looking for?



Ship Data Recorders Vulnerable to Hacker Attacks

The voyage data recorders used on ships are plagued by many serious vulnerabilities that expose the devices to hacker attacks, researchers have warned.

The voyage data recorders used on ships are plagued by many serious vulnerabilities that expose the devices to hacker attacks, researchers have warned.

A voyage data recorder, or VDR, is the equivalent of a black box on an airplane. The data recording system collects information from various sensors — including position, speed, radar, and audio recordings from the bridge — to help investigators identify the cause of maritime incidents.

Just like the black boxes on airplanes, VDRs are designed to withstand extreme shock, pressure and heat to ensure that the data stored on them is not destroyed in case of an incident.

However, there have been instances in which the data on a VDR from a ship involved in an incident had been tampered with. In an incident that took place in India, in which a cargo ship hit a smaller fishing vessel, the files on the cargo ship’s VDR were overwritten after crew members inserted a pen drive into the device. The press also reported that the ship’s main computer system was infected with malware.Furuno VDR VR3000

Ruben Santamarta, a researcher at security firm IOActive, conducted an analysis of a VDR from Furuno, a Japanese company specializing in marine electronics. Last year, Santamarta published a report on security flaws in satellite communications systems such as the ones used by ships and aircraft.

The expert hasn’t managed to obtain the actual Furuno VR3000 device for his experiments, but the VDR’s firmware and data extraction software allowed him to conduct both static analysis and QEMU user-mode emulation.

The analysis revealed many security holes, including weak encryption, insecure authentication, a flawed firmware update mechanism, and various services plagued by buffer overflow and command injection vulnerabilities.

The vulnerabilities found in the Furuno VDR can be exploited by an unauthenticated attacker with access to the vessel’s network to remotely execute arbitrary commands with root privileges and fully compromise the device. The attacker can access, modify or delete files from the VDR, including data that can be important for investigating an incident, such as radar images, navigation data, and audio recordings.

Malicious actors can also use the access to the VDR to spy on a ship’s crew, Santamarta said in a blog post.

“Taking into account that we have demonstrated these devices can be successfully attacked, any data collected from them should be carefully evaluated and verified to detect signs of potential tampering,” the expert advised.

IOActive notified ICS-CERT about the existence of the vulnerabilities in October 2014. ICS-CERT worked with JPCERT/CC to inform Furuno, which promised to release a patch “sometime” in 2015.

IOActive says it’s not aware if a patch has been made available, but it’s worth pointing out that the VDR analyzed by the security firm, the VR3000, is no longer sold by Furuno. Santamarta told SecurityWeek that he can’t confirm if the current VDR model sold by the vendor, the VR-7000, is vulnerable.

UPDATE. Furuno says it has released new versions of the software to address the vulnerabilities in both VR-3000(S) and VR-7000 devices.

Related Reading: Satellite Telecom Vulnerable to Hackers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet