Satellite communications (SATCOM) networks are among the most sensitive and critical in the world. SATCOM equipment aboard Malaysia Airlines Flight MH370 helped Inmarsat engineers determine the approximate location of the lost airliner (assuming it hasn’t been spirited away by aliens), and the technology is used every day in a wide range of vital applications.
So it comes as more than just a surprise that these networks may be “wide open” to attack by hackers. That’s according to this story on the cyber security news site Dark Reading.
Author Kelly Jackson Higgins says that the satellite communications networks used by the military and emergency responders, and for a range of transportation and industrial applications, are riddled with vulnerabilities, including backdoors, hardcoded credentials, weak password reset features, poor encryption and other flaws.
Higgins takes as her cue an April 17 blog posting by Ruben Santamarta, principal security consultant for IOActive Labs.
Santamarta says he discovered the flaws last fall and has now issued a report based on his findings. He reported those findings to the U.S. CERT Coordination Center, which alerted affected vendors in January.
The problems reside in the firmware of widely used satellite ground equipment, and could enable a hacker to launch an attack simply by sending an SMS text message.
“Attackers who compromise the database of an Inmarsat SIM/Terminals reseller can use this information to remotely compromise all those terminals,” Santamarta says. Attackers “could run their own code, install malicious firmware… and do anything they want with that device.”
An attack could cut off, disrupt or even spoof satellite communication to a ship or aircraft, Santamarta says, with potentially catastrophic results. “They can spoof messages and trick the ship to follow a certain path, or to rescue another ship.”
Attackers would need some knowledge of the firmware weak spots, and not all of them are equally serious. “But if you can reach the device, you can compromise it,” Santamarta says. Attackers can gain access through HTTP or other documented interfaces, and in most cases, the attacks can be executed remotely.
“I hope this research is seen as a wake-up call for both the vendors and users of the current generation of SATCOM technology,” Santamarta says.
A related white paper is available for download from the blog site.