Ebuzznet

Web Design and Blogging

  • HOME
  • SEO
  • TECH
    • ANDROID
  • BLOGGING
    • DEALS
    • REVIEWS
    • MAKE MONEY
  • WEB DESIGN
    • WORDPRESS
    • THEME
  • SOCIAL
    • FACEBOOK
    • TWITTER
    • LINKEDIN
  • BUSINESS
  • CONTACT

Satellite Communications Have Major Security Holes

Home > Tech > Satellite Communications Have Major Security Holes

In late 2013, an information security company called IOActive performed an analysis of satellite communications from Iridium, Thuraya, Harris, Hughes, Cobham and JRC. The company’s analysis uncovered vulnerabilities that could be exploited by reengineering each company’s downloadable firmware updates. According to IOActive, a hacker could intercept, alter or block satellite communications. Hackers could also use firmware vulnerabilities to gain remote access to a device.
Companies like IOActive employ people with graduate degrees in cyber security (click here for program options)to find potential vulnerabilities before hackers do. Because governments rely on satellite communications, particularly during emergency situations, and because activists in dangerous countries often use satphones to communicate with the outside world, satellite communication exploits could place many people’s lives at risk. IOActive has taken its findings both to vulnerable companies and to CERT. Unfortunately, satellite communications companies have been slow to respond.

Types of Vulnerabilities


Satellite Communications

IOActive named four classes of vulnerabilities in its report, which was issued earlier in 2014:

  • Backdoors. Attackers could gain remote access to the network for command and control and for accessing prohibited information.
  • Hardcoded credentials. These undocumented credentials allow hackers to gain authenticated access to a network.
  • Weak password reset. Attackers could easily reset the passwords of authorized users and then create their own passwords to access the network.
  • Insecure and undocumented protocols. Protocols define rules for sending data packets between network nodes. Insecure protocols could allow login credentials and other sensitive information to be viewed in transit. Hackers can also use reverse engineering to uncover the specifications of undocumented protocols.

What an Attack Might Look Like


attack

According to IOActive principal security consultant Ruben Santamaria, the firmware design flaws could disrupt communications between ships, airplanes, emergency personnel and industrial facilities. They could also be used to disrupt military operations.
Santamaria told “Dark Reading” that a simple SMS sent to a vulnerable satellite could prompt the satellite to install new firmware or compromise existing firmware. Spoofed messages could cause a ship to turn off its course. It could also keep a ship from sending out a distress signal. “They could run their own code, install malicious firmware… and do anything they want with that device.”
Disrupted satellite communications could have disastrous effects for a number of sectors including the media, military, government, aerospace and industrial sectors. Disruptions could also affect critical energy infrastructure including power plants and oil and gas rigs. In addition to carrying out cyberattacks, hackers or other nation-states could manipulate the satellite communications system for surveillance purposes. For example, in the event of an impending military attack, hackers could find out the location of the attacking army. Of course, it’s good news for those under attack, but not so good news for the soldiers carrying out the attack.
An Aircraft Scenario
Aircraft communications systems have extremely high security requirements. For this reason, software for aircraft systems has to meet certain security conditions based on how much damage a failure could cause. Software that could cause a Level D failure might inconvenience the crew and passengers by requiring a change to a routine flight plan. Level A software failure could mean the loss of the aircraft as well as high numbers of deaths and injuries.
IOActive discovered that attackers could exploit a Level D-certified satellite communications system that communicates with a Level A-certified system to place an entire aircraft in jeopardy. By gaining control of a SwiftBroadband Unit and a Satellite Data Unit, attackers could take control of an aircraft’s Multi-function Control Display Unit (MCDU), which is a single control panel that runs multiple aircraft functions. Attackers could also compromise the communications channels that aircraft use including the Aircraft Communications Addressing and Reporting System (ACARS), the system that sends data messages between aircraft and ground stations.

What Satellite Companies Haven’t Done


IOActive recommends that all satellite companies take the publicly available downloadable firmware updates down from their websites until they can patch the vulnerabilities. The company also contacted all vendors through the CERT Coordination Center. So far, IOActive reports that only Iridium responded to its requests. Until all satellite vendors are willing to cooperate, some of the world’s most vital communications channels could be in grave danger. The consequences could be disastrous for many innocent people.

Image Credits – Armed Forces satellite terminal image by LCpl. Michael Augusto, USMC, from Wikimedia Commons (public domain).

Filed Under: Tech Tagged With: Satellite

How to Update TomTom Map


Update TomTom Map for Free

Discover the Secrets of Online Money Making

6 Great Website Marketing Strategies

Experts discuss perception of PPC

Lucky 6 game for Android Review

Business 101: Top Laptops to Help Professionals Get the Job Done

Giving Your Office The Makeover It Needs

Is Quora Next Big Thing In Social Media Marketing?

Headlines: Increasing Clickthroughs Using Compelling Titles

Understanding Your Customer’s Tech Concerns

Webydo – The Ultimate Destination for Professional Website Designers

Importance of SEO in Small Business

How Do You Avoid Falling Behind When Working For Yourself?

How To Build Trust And Establish A Reputation Online

Improve Your Staff Satisfaction with These Killer Ideas

Website Hosting Resellers: What Consumers Need To Know

Top 4 Trends For Home Based Business In 2013

Business First: Turn Casual Customers Into Brand Evangelists with a Personal Approach

It Might Be Time To Transform Your Blog Into A Business

HostGator Baby Plan Review – Reliable Web Hosting

How to Install and Play Flappy Bird on PC

How to Transfer Photos from iPhone to Computer

Cloud Hosting Explained – Guide for Beginners

Search Engine Marketing Tips

How The Best Websites Make A Sale

The (Surmountable) Downsides to Running an Online Business

BlueStacks App Player Review and Offline Installer for Computer

Why the iPod Classic Still Has Plenty of Life Yet

3 Simple Steps That Could Stop Cyber Attacks Against Your Business

Should You Get into the World of E-Commerce

Terrific Techniques for Facebook Advertising

Recipe Manager App for iOS Devices

Recipe Manager App for iOS Devices/

Ebuzznet, All Rights Reserved Web Design and Blogging | Free Blog Setup | Write for Ebuzznet | About Us | Contact Us | Privacy Policy | Disclaimer