VDR stands for voyage data recorder, and is a black maritime box. The system typically consists of a central unit that gathers data from bridge equipment and sensors and saves the data on internal hard drives. This unit is connected to an enclosure that is fixed or floating free and is designed to resist fire as well as pressure from deep seas and shock. The device is usually attached to a vessel and the capsule is put in an easy-to-reach location for quick retrieval in case of a marine casualty.
The current security standards for vdr systems include specifications to ensure that the device is easily what is the purpose of a data audit accessible and retrieved by investigators following a maritime accident. These standards could create vulnerabilities that allow an attacker manipulate the device or alter or destroy evidence. This article explains how these risks can be minimized without compromising the device’s capabilities or limiting access to critical information about accidents.
The attacks described in this article highlight the fact that many VDRs use generic interfaces, like USBs, for downloads and updates. These interfaces expose the devices to a vast range of threats and could be exploited using widely available tools. The solution is to secure the device by using specific custom interfaces would lower the risk that these kinds of attacks could be repurposed. Additionally the requirement of a key or other secure way to access the ports could make them more secure and add additional security.