Major security flaws threaten satellite communications

An analysis of satellite communication gear from more than a half-dozen major manufacturers has uncovered critical vulnerabilities that could be exploited to disrupt military operations and ship and aircraft communications.

The flaws were found in software and ground-based satellite systems used worldwide and manufactured by U.S.-based Harris Corp., Hughes and Iridium Communications; U.K.-based Cobham and Inmarsat; Thuraya, headquartered in Dubai, United Arab Emirates, and the Japan Radio Co., security firm IOActive reported in a technical white paper released this week.

Satellite communication (SATCOM) networks are critical in aeronautics, the energy and maritime industries, emergency services and the media. Government agencies and the military also depend on such networks.

From October to December 2013, IOActive researchers reversed engineered the publicly available firmware updates of SATCOM products from the manufacturers. What the researchers found were major vulnerabilities that could let a cyberattacker intercept, manipulate or block communications, and in some cases, remotely take control of the physical device.

The findings were serious enough for the vendor to recommend that SATCOM manufacturers and resellers "immediately remove all publicly accessible copies of device firmware updates from their websites, if possible, and strictly control access to updates in the future."

IOActive has notified the vendors of the flaws and is working with the government CERT Coordination Center. CERT, which stands for Computer Emergency Response Team, is a part of the Software Engineering Institute (SEI), which is a U.S.-funded research and development center at the Carnegie Mellon University.

Specific details needed to replicate or test the vulnerabilities will not be released publicly until the second half of the year to give the vendors time to develop patches for their products.

So far, only Iridium was working on a fix, Cesar Cerrudo, chief technology officer for IOActive Labs, said Friday. "Government agencies are aware of the situation, but we don't know how hard they are pressuring vendors to get the vulnerabilities fixed."

The classes of vulnerabilities uncovered by IOActive included hardcoded credentials, undocumented protocols, insecure protocols and backdoors.

Many of the problems were discovered in Broadband Global Area Network satellite receivers. BGAN is an Internet and voice network often used in military operations. The system was used is efforts to locate the Malaysian passenger plane that crashed last month.

The equipment analyzed was also used in accessing Inmarsat-C and FleetBroadband, both maritime communication systems; SwiftBroadband, an IP-based data and voice aeronautical system that has been approved by the International Civil Aviation Organization (ICAO) for aircraft safety services; and Classic Aero Service, an aeronautical system used for voice, fax and data services.

To exploit the vulnerabilities, an attacker would have to first compromise or gain physical access to a PC connected to one of the above networks, Cerrudo, chief technology officer for IOActive Labs, said. Once in the control of the attacker, the computer could then be used to compromise vulnerable devices without needing a user name or password.

"The impact will depend on the scenario, if the devices are compromised when they are really needed then the impact would be bigger and maybe cause accidents," Cerrudo said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags cyber attackstelecommunicationiridiumsatelliteespionagecyberattacksIOActiveinmarsatvulnerability researchcritical infrastructureThurayaapplication vulnerabilitynetwork security riskscritical infrastructure security

More about Carnegie Mellon University AustraliaCERT AustraliaComputer Emergency Response TeamInmarsatIridiumIridiumMellonThuraya

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Antone Gonsalves

Latest Videos

More videos

Blog Posts