Satellite equipment affected by severe vulnerabilities

A study conducted by experts at IOActive uncovered a variety of severe vulnerabilities in Satellite equipment widely used in numerous industries.

Satellite Communication Devices are vulnerable to cyber attacks due the presence of critical design flaws in the firmware of principal satellite terrestrial equipment. Different satellite systems manufactured by some of the world’s biggest government contractors are affected by severe vulnerabilities according Security experts at IOActive. The researchers have uncovered numerous vulnerabilities in software and ground-based satellite systems manufactured by British suppliers Cobham and Inmarsat. Hackers can hijack and disrupt communication links used in various industries including defense, aviation and communications with serious consequences for the population.

“IOActive found that malicious actors could abuse all of the devices within the scope of this study. The vulnerabilities included what would appear to be backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. In addition to design flaws, IOActive also uncovered a number of features in the devices that clearly pose security risks. ” states the report from IOActive.

Products commercialized by different manufactures, including Iridium, Harris Corporation, Hughes, Thuraya and Japan Radio Company, are also flawed according a study conducted by researchers.

The vulnerable satellites equipments discovered by researchers at IOActive are Harris’ RF-7800-VU024 and RF-7800-DU024 terminals for Broadband Global Area Network (BGAN) services; Hughes 9201/9202/9450/9502 for BGAN and BGAN M2M services, Thuraya IP for BGAN services, Cobham Explorer and SAILOR 900 VSAT for VSAT services, Cobham AVIATOR 700 (E/D) for SwiftBroadband Classic Aero services, Cobham SAILOR FB 150/250/500 for Inmarsat FB services, Cobham SAILOR 6000 Series for Inmarsat C services, JRC JUE-250/500 FB for Inmarsat FB services, and Iridium Pilot/OpenPort for Iridium services.

“You could attack one of these devices with SMS, and trigger features to install new firmware or to compromise it,” “Attackers who compromise the database of an Inmarsat SIM/Terminals reseller can use this information to remotely compromise all those terminals,” says Ruben Santamarta, principal security consultant for IOActive.

As explained by Santamarta, just an SMS text message could become a bullet in the hand of a cyber criminals, the researchers uncovered wrong design habit in the firmware of the device, hardcoded credentials, implementation of insecure protocols, presence of backdoors, and adoption of weak password reset processes are some sample of the flawed processed identified on the equipment.

In my opinion the most alarming fact is that despite the researcher has reported the findings to the CERT Coordination Center, which promptly issued an alert to the vendors in January, but to date the reply is faint. Within the plethora of vendors, only Iridium has started to work for the development of the patches.

“In most cases, attackers can completely compromise” “They could run their own code, install malicious firmware… and do anything they want with that device.” “They can spoof messages and trick the ship to follow a certain path, or to rescue another ship. They can disrupt communications… if a vessel can’t send a distress signal, that’s the worst scenario, if a ship can’t communicate.” the system, Santamarta says.

The same would be true for an airplane, he says. And an attacker would not even need physical access to the satellite equipment to pull off a link hijack or spoof; in many cases, hackers could execute their attacks remotely.

The researchers were able to discover various vulnerabilities simply reverse engineering the firmware of the satellite appliances, once discevered the flaws the unique problem for the attackers is to gain access to the systems through the Internet or any other kind of interface.

 “I wasn’t looking for memory or buffer overflow or other typical vulnerabilities. But design flaws [found] like backdoors or [weak] protocols are in a way more dangerous because you can reach the device” by using them.

 “But if you can reach the device, you can compromise it. You can access it through HTTP or some other kind of documented interfaces. In most cases, you can remotely exploit these flaws.”

The report issued by IOActive provides also some recommendations for users of these satellite equipment inviting to seriously consider the possibilities that attackers exploit these vulnerabilities.

“Owners and providers should evaluate the network exposure of these devices, implement secure policies, enforce network segmentation, and apply restrictive traffic flow templates (TFT) when possible. Until patches are available, vendors should provide official workarounds in addition to recommended configurations in order to minimize the risk these vulnerabilities pose.”

The researchers at IOActive also recommend that SATCOM manufacturers and resellers immediately remove all publicly accessible copies of device firmware updates from their websites to avoid reverse engineering of the source code. 

“If one of these affected devices can be compromised, the entire SATCOM infrastructure could be at risk. Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by these vulnerabilities.
The results of IOActive’s research should be a wake-up call for both the vendors and  users of the current generation of SATCOM technology.” is the statement used to closes the report.

Pierluigi Paganini

(Security Affairs –  Satellite equipment, cyber security)