In late 2013, an information security company called IOActive performed an analysis of satellite communications from Iridium, Thuraya, Harris, Hughes, Cobham and JRC. The company’s analysis uncovered vulnerabilities that could be found by reverse engineering each company’s downloadable firmware updates. According to IOActive, a hacker could intercept, alter or block satellite communications. Hackers could also use firmware vulnerabilities to gain remote access to a device.
Companies like IOActive employ people with graduate degrees in cyber security to find potential vulnerabilities before hackers do. Because governments rely on satellite communications, particularly during emergency situations, and because activists in dangerous countries often use satphones to communicate with the outside world, satellite communication exploits could place many people’s lives at risk. IOActive has taken its findings both to vulnerable companies and to CERT. Unfortunately, satellite communications companies have been slow to respond.
Types of Vulnerabilities
IOActive named four classes of vulnerabilities in its report, which was issued earlier in 2014:
- Backdoors. Attackers could gain remote access to the network for command and control and for accessing prohibited information.
- Hardcoded credentials. These undocumented credentials allow hackers to gain authenticated access to a network.
- Weak password reset. Attackers could easily reset the passwords of authorized users and then create their own passwords to access the network.
- Insecure and undocumented protocols. Protocols define rules for sending data packets between network nodes. Insecure protocols could allow login credentials and other sensitive information to be viewed in transit. Hackers can also use reverse engineering to uncover the specifications of undocumented protocols.
What an Attack Might Look Like
According to IOActive principal security consultant Ruben Santamaria, the firmware design flaws could disrupt communications between ships, airplanes, emergency personnel and industrial facilities. They could also be used to disrupt military operations.
Santamaria told “Dark Reading” that a simple SMS sent to a vulnerable satellite could prompt the satellite to install new firmware or compromise existing firmware. Spoofed messages could cause a ship to turn off its course. They could also keep a ship from sending out a distress signal. “They could run their own code, install malicious firmware… and do anything they want with that device.”
Disrupted satellite communications could have disastrous effects for a number of sectors including the media, military, government, aerospace and industrial sectors. Disruptions could also affect critical energy infrastructure including power plants and oil and gas rigs. In addition to carrying out cyberattacks, hackers or nation-states could manipulate the satellite communications system for surveillance purposes. For example, in the event of an impending military attack, hackers could find out the location of the attacking army. Of course, that is good news for those under attack, but not such good news for the soldiers carrying out the attack.
An Aircraft Scenario
Aircraft communications systems have extremely high security requirements. For this reason, software for aircraft systems has to meet certain security conditions based on how much damage a failure could cause. Software that could cause a Level D failure might inconvenience the crew and passengers by requiring a change to a routine flight plan. A Level A software failure could mean the loss of the aircraft as well as high numbers of deaths and injuries.
IOActive discovered that attackers could exploit a Level D-certified satellite communications system that communicates with a Level A-certified system to place an entire aircraft in jeopardy. By gaining control of a SwiftBroadband Unit and a Satellite Data Unit, attackers could take control of an aircraft’s Multi-function Control Display Unit (MCDU), which is a single control panel that runs multiple aircraft functions. Attackers could also compromise the communications channels that aircraft use including the Aircraft Communications Addressing and Reporting System (ACARS), the system that sends data messages between aircraft and ground stations.
What Satellite Companies Haven’t Done
IOActive recommends that all satellite companies take the publicly available downloadable firmware updates down from their websites until they can patch the vulnerabilities. The company also contacted all vendors through the CERT Coordination Center. So far, IOActive reports that only Iridium responded to its requests. Until all satellite vendors are willing to cooperate, some of the world’s most vital communications channels could be in grave danger. The consequences could be disastrous for many innocent people.