It’s probably no surprise to you that the black boxes for ships are vulnerable to hacking. These are the Voyage Data Recorders (VDR) that should capture telemetry, audio recordings, and more. These devices are really computers now, connected to the onboard networks used for satellite communications and physically accessible in many vessels.
It was surprising to hear that some of these VDRs are running Windows XP. While I get that there is some ease of development in using Window systems, that OS wasn’t what I’d call robust and stable for stressful and rugged environments. Some systems use real time OSes, which seems like a better compromise, but Linux might be the best choice for a system both tolerant to a variety of conditions as well as one that might be easy to build applications for.
However no matter what the choice, I’d hope that the developers building software for these systems would treat them with the importance they deserve. While lives aren’t at stake from these applications, liability is. These systems are used in legal proceedings, so the data they collect, in an autonomous fashion, should be protected to ensure its integrity.
Apparently that doesn’t happen, as there are incidents of these devices being hacked an data erased, corrupted, interrupted, or even accessed by those on the ships. That’s not surprising as it seems people always find ways to take advantage of the computer systems they physically control. Ultimately I’d hope that we might constantly transmit some of this data off the ship to ensure there are backup copies, but that brings to mind the problems of securing data in transit, preventing access or disclosure and more.
However these systems might provide a good testbed for researchers looking to better build and architect auditing systems. This is a challenging environment, with high stakes, and if we can develop ways to ensure auditing data is intact when we have lost physical control of the device for long periods of time, perhaps we can find ways to build this same auditing into other platforms.