Satellite telecom vulnerable to hackers, researchers find

April 17, 2014 by Rob Lever

Federal Aviation Administration System Command Center in Herndon, Virginia, on August 12, 2002
Security flaws in many satellite telecommunications systems leave them open to hackers, raising potential risks for aviation, shipping, military and other sectors, security researchers said Thursday.

A paper released by the security firm IOActive found "multiple high risk vulnerabilities" in all the systems studied.

"These vulnerabilities have the potential to allow a malicious actor to intercept, manipulate, or block communications, and in some cases, to remotely take control of the physical device," the report said.

Ruben Santamarta, author of the report, said he was concerned "because are used in a variety of critical scenarios."

Santamarta told AFP that most ships and aircraft use satellite communications, and in some cases military communications use these commercial satellite systems.

If the systems are compromised, he said, "for , a foreign government or agency can target these devices and they can track the location of units and soldiers."

For aircraft or ships, he said, an attacker "can spoof data" and either block or disrupt emergency communications.

Because of the nature of the systems using satellites, Santamarta said, "we expected better security."

Santamarta said he had no evidence of any disruption affecting Malaysia Airlines flight MH370, but noted that "it is technically possible" that its communications could have been tampered with.

The IOActive report studied communications over the Inmarsat and Iridium satellite networks. But Santamarta said the vulnerabilities were mainly in ground equipment which connects to the satellites.

"IOActive found that malicious actors could abuse all of the devices within the scope of this study," the report said.

"The vulnerabilities included what would appear to be back doors, hard-coded credentials, undocumented and/or insecure protocols, and weak encryption algorithms."

The company began its research in 2013, and in early 2014, a security warning was issued by the Computer Emergency Response Team, a group of researchers backed by the US Department of Homeland Security.

IOActive said however that most of the satellite telecom (SATCOM) vendors did not respond to the January alert to upgrade their systems despite the nature of the risks.

"If one of these affected devices can be compromised, the entire SATCOM infrastructure could be at risk," the report said.

"Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, , wind turbines, substations, etc.) could all be impacted by these vulnerabilities."

Santamarta added, "I hope this research is seen as a wake-up call for both the vendors and users of the current generation of SATCOM technology."

Explore further: Communications satellite launched into space

Related Stories

NSC backs disclosing software vulnerabilities

April 13, 2014

Disclosing vulnerabilities in commercial and open source software is in the national interest and shouldn't be withheld from the public unless there is a clear national security or law enforcement need, President Barack Obama's ...

Brazil confirms satellite deal after US spying outcry

November 29, 2013

Brazil's state-owned telecom provider Telebras signed a $560 million contract to deliver a satellite for secure communications on Thursday, following months of outrage over revelations of US cyber-spying.

Recommended for you

Squid could provide an eco-friendly alternative to plastics

February 21, 2019

The remarkable properties of a recently-discovered squid protein could revolutionize materials in a way that would be unattainable with conventional plastic, finds a review published in Frontiers in Chemistry. Originating ...

Female golden snub-nosed monkeys share nursing of young

February 21, 2019

An international team of researchers including The University of Western Australia and China's Central South University of Forestry and Technology has discovered that female golden snub-nosed monkeys in China are happy to ...

When does one of the central ideas in economics work?

February 20, 2019

The concept of equilibrium is one of the most central ideas in economics. It is one of the core assumptions in the vast majority of economic models, including models used by policymakers on issues ranging from monetary policy ...

In colliding galaxies, a pipsqueak shines bright

February 20, 2019

In the nearby Whirlpool galaxy and its companion galaxy, M51b, two supermassive black holes heat up and devour surrounding material. These two monsters should be the most luminous X-ray sources in sight, but a new study using ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.