Furuno Vdr Software


by Ruben Santamarta @reversemode
In 2014, IOActive disclosed a series of attacks that affect multiple SATCOM devices, some of which are commonly deployed on vessels. Although there is no doubt that maritime assets are valuable targets, we cannot limit the attack surface to those communication devices that vessels, or even large cruise ships, are usually equipped with. In response to this situation, IOActive provides services to evaluate the security posture of the systems and devices that make up the modern integrated bridges and engine rooms found on cargo vessels and cruise ships. [1]
There are multiple facilities, devices, and systems located on ports and vessels and in the maritime domain in general, which are crucial to maintaining safe and secure operations across multiple sectors and nations.
Port security refers to protecting all of these assets from acts of piracy, terrorism, and other unlawful activities, such as smuggling. Recent activity appears to demonstrate that cyberattacks against this sector may have been underestimated. As threats evolve, procedures and policies must improve to take these new attack scenarios into account. For example, https://www.federalregister.gov/articles/2014/12/18/2014-29658/guidance-on-maritime-cybersecurity-standards

This blog post describes IOActive’s research related to one type of equipment usually present in vessels, Voyage Data Recorders (VDRs). In order to understand a little bit more about these devices, I’ll detail some of the internals and vulnerabilities found in one of these devices, the Furuno VR-3000.



(http://www.imo.org/en/OurWork/Safety/Navigation/Pages/VDR.aspx) A VDR is equivalent to an aircraft’s ‘Black Box’. These devices record crucial data, such as radar images, position, speed, audio in the bridge, etc. This data can be used to understand the root cause of an accident.


Several years ago, piracy acts were on the rise. Multiple cases were reported almost every day. As a result, nation-states along with fishing and shipping companies decided to protect their fleet, either by sending in the military or hiring private physical security companies.
On February 15, 2012, two Indian fishermen were shot by Italian marines onboard the Enrica merchant vessel, who supposedly opened fire thinking they were being attacked by pirates. This incident caused a serious diplomatic conflict between Italy and India, which continues to the present. https://en.wikipedia.org/wiki/Enrica_Lexie_case
'Mysteriously', the data collected from the sensors and voice recordings stored in the VDR during the hours of the incident was corrupted, making it totally unusable for authorities to use during their investigation. As this story from Indian Times mentions, the VDR could have provided authorities with crucial clues to figure out what really happened.
http://timesofindia.indiatimes.com/city/chennai/Lost-voice-data-recorder-may-cost-India-Italian-marines-case/articleshow/18942389.cms
Curiously, Furuno was the manufacturer of the VDR that was corrupted in this incident. This Kerala High Court’s document covers this fact: http://indiankanoon.org/doc/187144571/ However, we cannot say whether the model Enrica Lexie was equipped with was the VR-3000. Just as a side note, the vessel was built in 2008 and the Furuno VR-3000 was apparently released in 2007.

Just a few weeks later, on March 1, 2012, the Singapore-flagged cargo ship MV. Prabhu Daya was involved in a hit-and-run incident off the Kerala Coast. As a result, three fishermen were killed and one more disappeared and was eventually rescued by a fishing vessel in the area. Indian authorities initiated an investigation of the accident that led to the arrest of the MV. Prabhu Daya’s captain.

During that process, an interesting detail was reported in several Indian newspapers.



http://www.thehindu.com/news/national/tamil-nadu/voyage-data-recorder-of-prabhu-daya-may-have-been-tampered-with/article2982183.ece


From a security perspective, it seems clear VDRs pose a really interesting target. If you either want to spy on a vessel’s activities or destroy sensitive data that may put your crew in a difficult position, VDRs are the key.
Understanding a VDR's internals can provide authorities, or third-parties, with valuable information when performing forensics investigations. However, the ability to precisely alter data can also enable anti-forensics attacks, as described in the real incident previously mentioned.

As usual, I didn’t have access to the hardware; but fortunately, I played some tricks and found both firmware and software for the target VDR. The details presented below are exclusively based on static analysis and user-mode QEMU emulation (already explained in a previous blog post). [2]
Figure: Typical architecture of a VR-3000
Basically, inside the Data Collecting Unit (DCU) is a Linux machine with multiple communication interfaces, such as USB, IEEE1394, and LAN. Also inside the DCU is a backup HDD that partially replicates the data stored on the Data Recording Unit (DRU). The DRU is protected against aggressions in order to survive in the case of an accident. It also contains a Flash disk to store data for a 12-hour period. This unit stores all essential navigation and status data, such as bridge conversations, VHF communications, and radar images.
The International Maritime Organization (IMO) recommends that all VDR and S-VDR systems installed on or after 1 July 2006 be supplied with an accessible means for extracting the stored data from the VDR or S-VDR to a laptop computer. Manufacturers are required to provide software for extracting data, instructions for extracting data, and cables for connecting between a recording device and computer.

The following documents provide more detailed information:
http://www.furunousa.com/ProductDocuments/VR3000%20Data%20Extraction%20Instructions%20for%20version%202.xx.pdf
http://www.furuno.fr/Multimedia/VR3000_VR3000S_OME-G1.pdf

After spending some hours reversing the different binaries, it was clear that security is not one of the main strengths of this equipment. Multiple services are prone to buffer overflows and command injection vulnerabilities. The mechanism to update firmware is flawed. Encryption is weak. Basically, almost the entire design should be considered insecure.
Take this function, extracted from the Playback software, as an example of how not to perform authentication. For those who are wondering what 'Encryptor' is, just a word: Scytale.

Digging further into the binary services we can find a vulnerability that allows unauthenticated attackers with remote access to the VR-3000 to execute arbitrary commands with root privileges. This can be used to fully compromise the device. As a result, remote attackers are able to access, modify, or erase data stored on the VDR, including voice conversations, radar images, and navigation data.

VR-3000’s firmware can be updated with the help of Windows software known as 'VDR Maintenance Viewer' (client-side), which is proprietary Furuno software.
The VR-3000 firmware (server-side) contains a binary that implements part of the firmware update logic: ‘moduleserv’
This service listens on 10110/TCP.

Internally, both server (DCU) and client-side (VDR Maintenance Viewer, LivePlayer, etc.) use a proprietary session-oriented, binary protocol. Basically, each packet may contain a chain of 'data units', which, according to their type, will contain different kinds of data.
Figure: Some of the supported commands
'moduleserv' handles several control messages intended to control the firmware upgrade process. Let's analyze how it handles a 'SOFTWARE_BACKUP_START' request:

An attacker-controlled string is used to build a command that will be executed without being properly sanitized. Therefore, this vulnerability allows remote unauthenticated attackers to execute arbitrary commands with root privileges.
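The unsanitized command construction described above, next to a hardened form, as an added example that is not code from the original post or from the Furuno firmware. The handler, the `name` field, the paths and the `tar` command are hypothetical, since the page does not show the real request format.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (hypothetical handler): a request field is pasted into a
 * shell command line. If this string reaches system(), /bin/sh interprets
 * any metacharacters in `name` as shell syntax. */
int build_shell_command_unsafe(char *out, size_t n, const char *name) {
    return snprintf(out, n, "tar cf /tmp/%s.tar /opt/app", name);
}

/* Allowlist check: 1..32 characters from [A-Za-z0-9_-]. Returns 1 if valid. */
int backup_name_is_valid(const char *name) {
    size_t i;
    if (name == NULL || name[0] == '\0') return 0;
    for (i = 0; name[i] != '\0'; i++) {
        char c = name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || c == '-';
        if (!ok || i >= 32) return 0;
    }
    return 1;
}

/* Hardened pattern: validate first, then fill an argv[] meant for execv(),
 * so no shell ever parses the field. Returns 0 on success, -1 on reject. */
int build_argv_safe(const char *name, char *path, size_t n, const char *argv[5]) {
    int len;
    if (!backup_name_is_valid(name)) return -1;
    len = snprintf(path, n, "/tmp/%s.tar", name);
    if (len < 0 || (size_t)len >= n) return -1;
    argv[0] = "tar"; argv[1] = "cf"; argv[2] = path;
    argv[3] = "/opt/app"; argv[4] = NULL;
    return 0;
}

int main(void) {
    const char *samples[] = { "nightly_01", "a;b", "" };  /* constructed inputs */
    const char *argv[5];
    char path[64];
    size_t i;
    for (i = 0; i < 3; i++)
        printf("%-12s -> %s\n", samples[i],
               build_argv_safe(samples[i], path, sizeof path, argv) == 0
                   ? "accepted" : "rejected");
    return 0;
}
```

Validation alone still leaves the shell in the path; passing a fixed argv to `execv()` removes the interpreter that made the field dangerous in the first place.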



At this point, attackers could modify arbitrary data stored on the DCU in order to, for example, delete certain conversations from the bridge, delete radar images, or alter speed or position readings. Malicious actors could also use the VDR to spy on a vessel’s crew as VDRs are directly connected to microphones located, at a minimum, in the bridge.
However, compromising the DCU is not enough to cover an attacker’s tracks, as it only contains a backup HDD, which is not designed to survive extreme conditions. The key device in this anti-forensics scenario would be the DRU. The privileged position gained by compromising the DCU would allow attackers to modify/delete data in the DRU too, as this unit is directly connected through an IEEE1394 interface. The image below shows the structure of the DRU.



Before IMO's resolution MSC.233(90) [3], VDRs did not have to comply with security standards to prevent data tampering. Taking into account that we have demonstrated these devices can be successfully attacked, any data collected from them should be carefully evaluated and verified to detect signs of potential tampering.
IOActive, following our responsible disclosure policy, notified the ICS-CERT about this vulnerability in October 2014. The ICS-CERT, working alongside the JPCERT/CC, were in contact with Furuno and were able to reproduce and verify the vulnerability. Furuno committed to providing a patch for their customers 'sometime in the year of 2015.' IOActive does not have further details on whether a patch has been made available.

--------------
1. http://www.ioactive.com/alerts/maritime-vessel-ship-security-assurance.html
2. http://blog.ioactive.com/2013/09/emulating-binaries-to-discover.html
3. http://www.imo.org/en/KnowledgeCentre/IndexofIMOResolutions/Documents/MSC%20-%20Maritime%20Safety/333(90).pdf



Source: blog.ioactive.com/2015/12/maritime-security-hacking-into-voyage.html

Overview


*BB denotes Black Box only (no monitor included with these models)

Features

Advanced technologies for safe navigation

The FURUNO FAR-22×8/23×8 series is a brand-new radar series characterized by its state-of-the-art antenna design and innovative signal processing techniques. FURUNO’s latest and finest technologies and intuitive design will increase situational awareness and enable safer than ever navigation.

Automatic Clutter Elimination (ACE) for unprecedented echo clarity

Quickly adjusts the radar image with a single button press. When the ACE function is activated, the system automatically adjusts clutter reduction filters and gain control according to the sea and weather conditions.


ACE OFF


ACE ON

Fast Target Tracking™ (TT) function to prevent collision at an early stage

With Fast Target Tracking™ (TT), the FAR-22×8/23×8 series provides accurate tracking information; speed and course vectors are displayed in mere seconds allowing operators to take action and avoid incidents at a very early stage.

User interface designed for the ultimate intuitive operation

InstantAccess bar™ which gives you immediate access to the functions you need

InstantAccess bar™ contains shortcut menus of tasks (functions/actions) which operators frequently use, so users can quickly access necessary tasks.

Well-designed controllers for stress-free operation

Comfortable usability is very important on long voyages. With that in mind, these control units are designed based on ergonomics to fit the operator’s hand. All operations can be controlled with the trackball.

Refined antenna with high signal accuracy and excellent reliability

The FAR-22×8/23×8 series is designed to provide clearer and more accurate radar images of the surroundings while increasing reliability and decreasing overall cost of ownership with easy maintenance.

High image quality is achieved by the signal processor inside the antenna unit directly converting analog to digital signals before sending them to the main processor unit. Signals are safely transported through the Ethernet network between the antenna and below deck processing unit.

The new antenna shape suppresses aerodynamic drag and lightens the burden on the gear box. The gear box itself has also been redesigned. Decreased aerodynamic drag and a DC brushless motor result in a very durable gear box that can be used for a prolonged period of time.

Installation and maintenance are now easier than ever. All components of the gear box are integrated into one block that can easily be removed from the gear box when maintenance is required. The cable to the gear box can be connected from the side of the gear box.

Solid State Radar model – NXT – specialized in target detection and maintainability (S-band only)

FURUNO Solid State Radars emphasize quality and reliability, while also meeting the rigorous demands of the marine environment.

Clear images

FURUNO Solid State Radar technology generates clear echo images, which allows users to obtain a clear picture of the area around their vessel, including weaker echoes from small craft.


Reduced maintenance and running costs
Fan-less Solid State antenna dramatically reduces maintenance costs for the magnetron and CPU fan.

Almost the same power ability as a conventional magnetron radar

Easy installation for new building as well as retrofits, with expanded capabilities

Continuous usage of existing monitor, control unit and cables in retrofitting
When retrofitting in lieu of FAR-2xx7 series, existing monitor, control unit, and cables can be continuously used for FAR-22×8/23×8 series.

Easy, cost-less and eco-friendly setup for Ethernet communication
Optional LAN Signal Converter enables Ethernet communication. Also extension of the cable between antenna unit and processor unit utilizing existing cables when retrofitting is possible.

Ethernet connectivity with onboard system
Ethernet expands the radar’s capability with connection between either existing or newly installed system such as ECDIS and VDR.

Inter-switch which utilizes no other cables than LAN cable with the optional Ethernet HUB

DVI-I cable connectible to VDR in retrofitting
How to connect VDR with FAR-22×8/23×8 series

Expandability – Ice/Oil detection Radar

FAR-22×8/23×8 series X-band radar can be used as an ice/oil detection radar by connecting a dedicated processor unit.


Technical Specifications

Rules and Regulations

FAR-22×8/23×8 series fully comply with the following IEC standards:


  • IEC 60945 Ed.4.0
  • IEC 62388 Ed.2.0
  • IEC 62288 Ed.2.0
  • IEC 61162-2
  • IEC 61162-1 Ed.5.0
  • IEC 61162-450

Software Version
