Mission-critical satellite communications wide open to malicious hacking

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2014/04/mission-critical-satellite-communications-wide-open-to-malicious-hacking/

By Dan Goodin
Ars Technica
April 17, 2014

Mission-critical satellite communications relied on by Western militaries 
and international aeronautics and maritime systems are susceptible to 
interception, tampering, or blocking by attackers who exploit easy-to-find 
backdoors, software bugs, and similar high-risk vulnerabilities, a 
researcher warned Thursday.

Ground-, sea-, and air-based satellite terminals from a broad spectrum of 
manufacturers—including Iridium, Cobham, Hughes, Harris, and Thuraya—can 
be hijacked by adversaries who send them booby-trapped SMS text messages 
and use other techniques, according to a 25-page white paper published by 
penetration testing firm IOActive. Once a malicious hacker has remotely 
gained control of the devices, which are used to communicate with 
satellites orbiting in space, the adversary can completely disrupt 
mission-critical satellite communications (SATCOM). Other malicious 
actions include reporting false emergencies or misleading geographic 
locations of ships, planes, or ground crews; suppressing reports of actual 
emergencies; or obtaining the coordinates of devices and other potentially 
confidential information.

"If one of these affected devices can be compromised, the entire SATCOM 
infrastructure could be at risk," Ruben Santamarta, IOActive's principal 
security consultant, wrote. "Ships, aircraft, military personnel, 
emergency services, media services, and industrial facilities (oil rigs, 
gas pipelines, water treatment plants, wind turbines, substations, etc.) 
could all be impacted by these vulnerabilities."

Santamarta said that every single one of the terminals he audited 
contained one or more weaknesses that hackers could exploit to gain remote 
access. When he completed his review in December, he worked with the CERT 
Coordination Center to alert each manufacturer to the security holes he 
discovered and suggested improvements to close them. To date, Santamarta 
said, the only company to respond was Iridium. To his knowledge, the 
remainder have not yet addressed the weaknesses. He called on the 
manufacturers to immediately remove all publicly accessible copies of 
device firmware from their websites to prevent malicious hackers from 
reverse engineering the code and uncovering the same vulnerabilities he 
did.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/