Pirate Hackers Can Easily Spy on Ships Through Insecure 'Black Boxes'

Lorenzo Franceschi-Bicchierai | Motherboard | December 9, 2015

Pirate hackers could track and spy on ships and cargo vessels by remotely hacking into their “black boxes,” according to a security researcher. Ruben Santamarta, a security researcher at the well-known firm IOActive, found that a particular model of Voyage Data Recorder (VDR), the popular Furuno VR-3000, a device that’s essentially the equivalent of an aircraft’s black box, has several bugs that make it very easy for the crew to tamper with it or for a hacker to hack it remotely.

“Basically, almost the entire design should be considered insecure,” Santamarte wrote in a blog post published on Wednesday. “Remote attackers are able to access, modify, or erase data stored on the Voyage Data Recorder, which includes voice conversations, radar images and navigation data." The vulnerabilities he found in the VR-3000 make it “really easy to hack into these devices,” Santamarta told Motherboard in a phone interview. "It's really easy to hack into these devices.”

While these devices should not be—and normally aren’t—connected directly to the internet, according to Santamarta, they are still connected to the internal network of the ship. So if a hacker is able to compromise the computer of a crew member and infect it with malware, it can then compromise the VDR....