Home // CYBER 2022, The Seventh International Conference on Cyber-Technologies and Cyber-Systems // View article

Investigating the Security and Accessibility of Voyage Data Recorder Data Using a USB Attack

Authors:
Avanthika Vineetha Harish
Kimberly Tam
Kevin Jones

Keywords: Maritime; Ransomware; USB Rubber Ducky; Voyage Data Recorder

Abstract:
Voyage Data Recorders (VDR) or 'black boxes' for ships hold critical navigational and sensor data that can be used as evidence in an investigation. These systems have proven extremely useful in determining the cause of several previous shipping accidents. Considering the importance of the VDR and the increasing number of cyber-attacks in the maritime sector, the likelihood of it being attacked is high. This paper examines the security and accessibility of VDR data through a malicious USB device. A USB device is used after a series of tests, detailed in this paper, found it to be a viable way to compromise a VDR system. Intensive penetration testing was performed on a VDR, and this paper presents the four key highlights from the authors’ tests. The results show that real-world VDR data might not be secure from an insider threat with little to no cyber knowledge, and future VDRs may open that up to more outsider attackers. For a device like VDR, where confidentiality, integrity and availability of data are critical, a cyber-attack could therefore lead to serious repercussions.

Pages: 74 to 80

Copyright: Copyright (c) IARIA, 2022

Publication date: November 13, 2022

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-996-6

Location: Valencia, Spain

Dates: from November 13, 2022 to November 17, 2022