VDR is the voyage data recorder also known as a black box. The typical system consists of a base unit that gathers data from bridge equipment and sensors and stores the data on internal hard drives. This unit is connected to the capsule, which is a protective device that is fixed or floating-free, and is designed to resist fire as well as pressure from deep seas and shock. The device is typically attached to a vessel and the capsule is placed in a position that is easily accessible to facilitate quick retrieval in the event of a marine casualty.

The current security standards for vdr systems include specifications to ensure that the device can be easily accessed and returned by investigators following a maritime incident. However, these standards can also introduce vulnerabilities that could allow an attacker to manipulate the device and destroy or alter evidence. This article demonstrates how the risks can be reduced without compromising the vdr system capabilities of the device or restricting access to vital accident report information it holds.

The attacks detailed in this piece illustrate the fact that a large number of VDRs use generic interfaces, such as USBs, for software updates and downloads. These interfaces expose the devices to a variety of threats that could be exploited using widely-available tools. By implementing dedicated custom interfaces would aid in reducing the risk that these kinds of attacks can be leveraged. Additionally the requirement of a key or other secure way to access the ports will reduce their accessibility and add additional security.