Categories: HackingSecurity

Satellite equipment affected by severe vulnerabilities

A study conducted by experts at IOActive uncovered a variety of severe vulnerabilities in Satellite equipment widely used in numerous industries.

Satellite Communication Devices are vulnerable to cyber attacks due the presence of critical design flaws in the firmware of principal satellite terrestrial equipment. Different satellite systems manufactured by some of the world’s biggest government contractors are affected by severe vulnerabilities according Security experts at IOActive. The researchers have uncovered numerous vulnerabilities in software and ground-based satellite systems manufactured by British suppliers Cobham and Inmarsat. Hackers can hijack and disrupt communication links used in various industries including defense, aviation and communications with serious consequences for the population.

IOActive found that malicious actors could abuse all of the devices within the scope of this study. The vulnerabilities included what would appear to be backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. In addition to design flaws, IOActive also uncovered a number of features in the devices that clearly pose security risks. ” states the report from IOActive.

Products commercialized by different manufactures, including Iridium, Harris Corporation, Hughes, Thuraya and Japan Radio Company, are also flawed according a study conducted by researchers.

The vulnerable satellites equipments discovered by researchers at IOActive are Harris’ RF-7800-VU024 and RF-7800-DU024 terminals for Broadband Global Area Network (BGAN) services; Hughes 9201/9202/9450/9502 for BGAN and BGAN M2M services, Thuraya IP for BGAN services, Cobham Explorer and SAILOR 900 VSAT for VSAT services, Cobham AVIATOR 700 (E/D) for SwiftBroadband Classic Aero services, Cobham SAILOR FB 150/250/500 for Inmarsat FB services, Cobham SAILOR 6000 Series for Inmarsat C services, JRC JUE-250/500 FB for Inmarsat FB services, and Iridium Pilot/OpenPort for Iridium services.

“You could attack one of these devices with SMS, and trigger features to install new firmware or to compromise it,” “Attackers who compromise the database of an Inmarsat SIM/Terminals reseller can use this information to remotely compromise all those terminals,” says Ruben Santamarta, principal security consultant for IOActive.

As explained by Santamarta, just an SMS text message could become a bullet in the hand of a cyber criminals, the researchers uncovered wrong design habit in the firmware of the device, hardcoded credentials, implementation of insecure protocols, presence of backdoors, and adoption of weak password reset processes are some sample of the flawed processed identified on the equipment.

In my opinion the most alarming fact is that despite the researcher has reported the findings to the CERT Coordination Center, which promptly issued an alert to the vendors in January, but to date the reply is faint. Within the plethora of vendors, only Iridium has started to work for the development of the patches.

“In most cases, attackers can completely compromise” “They could run their own code, install malicious firmware… and do anything they want with that device.” “They can spoof messages and trick the ship to follow a certain path, or to rescue another ship. They can disrupt communications… if a vessel can’t send a distress signal, that’s the worst scenario, if a ship can’t communicate.” the system, Santamarta says.

The same would be true for an airplane, he says. And an attacker would not even need physical access to the satellite equipment to pull off a link hijack or spoof; in many cases, hackers could execute their attacks remotely.

The researchers were able to discover various vulnerabilities simply reverse engineering the firmware of the satellite appliances, once discevered the flaws the unique problem for the attackers is to gain access to the systems through the Internet or any other kind of interface.

 “I wasn’t looking for memory or buffer overflow or other typical vulnerabilities. But design flaws [found] like backdoors or [weak] protocols are in a way more dangerous because you can reach the device” by using them.

 “But if you can reach the device, you can compromise it. You can access it through HTTP or some other kind of documented interfaces. In most cases, you can remotely exploit these flaws.”

The report issued by IOActive provides also some recommendations for users of these satellite equipment inviting to seriously consider the possibilities that attackers exploit these vulnerabilities.

“Owners and providers should evaluate the network exposure of these devices, implement secure policies, enforce network segmentation, and apply restrictive traffic flow templates (TFT) when possible. Until patches are available, vendors should provide official workarounds in addition to recommended configurations in order to minimize the risk these vulnerabilities pose.”

The researchers at IOActive also recommend that SATCOM manufacturers and resellers immediately remove all publicly accessible copies of device firmware updates from their websites to avoid reverse engineering of the source code. 

“If one of these affected devices can be compromised, the entire SATCOM infrastructure could be at risk. Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by these vulnerabilities.
The results of IOActive’s research should be a wake-up call for both the vendors and  users of the current generation of SATCOM technology.” is the statement used to closes the report.

Pierluigi Paganini

(Security Affairs –  Satellite equipment, cyber security)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

New AT&T data breach exposed call logs of almost all customers

AT&T disclosed a new data breach that exposed phone call and text message records for…

19 hours ago

Critical flaw in Exim MTA could allow to deliver malware to users’ inboxes

A critical vulnerability in Exim mail server allows attackers to deliver malicious executable attachments to…

21 hours ago

Palo Alto Networks fixed a critical bug in the Expedition tool

Palo Alto Networks addressed five vulnerabilities impacting its products, including a critical authentication bypass issue. Palo…

1 day ago

Smishing Triad Is Targeting India To Steal Personal and Payment Data at Scale

Resecurity has identified a new campaign by the Smishing Triad that is targeting India to…

1 day ago

October ransomware attack on Dallas County impacted over 200,000 people

The ransomware attack that hit Dallas County in October 2023 has impacted more than 200,000…

1 day ago

CrystalRay operations have scaled 10x to over 1,500 victims

A threat actor known as CrystalRay targeted 1,500 victims since February using tools like SSH-Snake…

2 days ago

This website uses cookies.