Black boxes aboard ships hold valuable information, which would explain why hackers can attack them as well
Voyage data recorders or VDRs happens to be one of the most crucial parts of a commercial ship. On October 1, when the freighter El Faro was lost thanks to a hurricane, a salvage group was sent and their very first task was to recover the data recorder, which was a high value target.
So what are data recorders? Any passenger ship that weighs in excess of 150 tons must have a data recorder present on it since it collects a wealth of data concerning the ship’s systems as well as audio from the bridge of the ship, radio communications, radar, and navigation data. Data recorders also help to uncover the mysteries of a ship in case the vessel has suffered a severe accident of any kind. However, while this data is valuable for a lot of purposes, it also becomes a high value target for hackers.
According to a report recently published by the security firm IOActive, video data recorders can easily be hacked, and apart from being hacked, that valuable information can either be stolen or destroyed; whatever fulfills the agenda of hackers. In order to counter such activities, The US Coast Guard is developing policies to help defend against transportation security incidents, which are caused thanks to cyber-attacks against shipping.
Also, some ship operators might not want these data recorders to be secure since there are occasions where ships are operating outside the law of environmental issues, and these are the times that a data recorder would be most handy in preventing ship operators from working outside of the law. Some data recorders use Microsoft’s outdated Windows XP operating system, which has stopped receiving security and regular updates since a very long period. These data recorders will obviously provide a golden opportunity for hackers, unless of course the data has been transferred to a more secure platform, or at the very least, a different industrial and real-time operating systems.
According to the security report, IOActive states that only security patches are going to brought forward in order to secure the data, rather than using a different operating system to carry that sensitive data with it. While we would be very optimistic to state that patching up a security vulnerability would be sufficient to keep hackers at bay, but it looks like the authorities are going to learn their lesson soon enough in the near future.