Investigating the Security and Accessibility of Voyage Data Recorder Data using a USB attack

Abstract

Voyage Data Recorders (VDR) or 'black boxes' for ships hold critical navigational and sensor data that can be used as evidence in an investigation. These systems have proven extremely useful in determining the cause of several previous shipping accidents. Considering the importance of the VDR and the increasing number of cyber-attacks in the maritime sector, the likelihood of it being attacked is high. This paper examines the security and accessibility of VDR data through a malicious USB device. A USB device is used after a series of tests, detailed in this paper, found it to be a viable way to compromise a VDR system. Intensive penetration testing was performed on a VDR, and this paper presents the four key highlights from the authors’ tests. The results show that real-world VDR data might not be secure from an insider threat with little to no cyber knowledge, and future VDRs may open that up to more outsider attackers. For a device like VDR, where confidentiality, integrity and availability of data are critical, a cyber-attack could therefore lead to serious repercussions.