Hacked at sea: Researchers find ships’ data recorders vulnerable to attack

A voyage data recorder recovery capsule aboard a container ship. Some VDRs may be an easy target for hackers--or crew members who don't want what they've done to be recorded. (credit: Hervé Cozanet)

When the freighter El Faro was lost in a hurricane on October 1, one of the goals of the salvage operation was to recover its voyage data recorder (VDR)—the maritime equivalent of the "black box" carried aboard airliners. The VDR, required aboard all large commercial ships (and any passenger ships over 150 gross tons), collects a wealth of data about the ship's systems as well as audio from the bridge of the ship, radio communications, radar, and navigation data. Writing its data to storage within a protective capsule with an acoustic beacon, the VDR is an essential part of investigating any incident at sea, acting as an automated version of a ship's logbook.

Sometimes, that data can be awfully inconvenient. While the data in the VDR is the property of the ship owner, it can be taken by an investigator in the event of an accident or other incident—and that may not always be in the ship owner's (or crew's) interest. The VDRs aboard the cruise ship Costa Concordia were used as evidence in the manslaughter trial of the ship's captain and other crewmembers. Likewise, that data could be valuable to others—especially if it can be tapped into live.

It turns out that some VDRs may not be very good witnesses. As a report recently published by the security firm IOActive points out, VDRs can be hacked, and their data can be stolen or destroyed.

Read 7 remaining paragraphs | Comments