JANUARY 7, 2016 — Furuno issued a notice to customers this week saying that potential vulnerability to cyber attack had been found in its Voyage Data Recorder (VDR) products.
Subsequently, it says, corrective measures have been taken, and the potential risks have been resolved.
“It turned out that our VDR may be accessed using a PC connected through network, and a certain commands may be executed with root privileges,” said the notice. “If that occurred, there would be a possibility that the stored data within the VDR may be deleted (it is important to note that data falsification or overwriting is not possible).”
To address these vulnerabilities, Furuno has released several software updates. Recommended updates should be applied as follows:
For VR-3000 and VR-3000S models:
o V1.50 through V1.54 should be updated to V1.56
o V1.61 should be updated to V1.62
o V2.06 through V2.54 should be updated to V2.56
o V2.60 through V2.61 should be updated to V2.62
For VR-7000 models:
o V1.02 should be updated to V1.04
VDR vulnerabilities are the subject of a new U.S. Coast Guard Maritime Cyber Bulletin accessible HERE