Number:IRCNE2014042170
Date: 2014-04-21
According to “computerworld”, Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.
Between October and December last year, researchers from IOActive analyzed the firmware of popular satellite communications (SATCOM) devices that are used in the military, aerospace, maritime, critical infrastructure and other sectors. The research covered products manufactured or marketed by Harris, Hughes Network Systems, Cobham, Thuraya Telecommunications, Japan Radio Company (JRC) and Iridium Communications. The analysis focused on SATCOM terminals that are used on ground, in the air and at sea, not satellite communications equipment in space.
"IOActive found that all devices within the scope of this research could be abused by a malicious actor," the IOActive researchers said in a report published Thursday. "We uncovered what would appear to be multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms."
"These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products," the researchers said. "In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems."
For example, vulnerabilities that IOActive claims to have found in mobile Harris BGAN terminals would allow attackers to install malicious firmware or execute arbitrary code.
The Hughes BGAN M2M terminals, which are used in the utilities, oil and gas, retail banking and environment monitoring sectors, also contain vulnerabilities that could allow attackers to perform fraud, launch denial-of-service attacks, cause physical damage and spoof data, according to IOActive. These satellite user terminals can be controlled remotely via SMS messages, the company's researchers said.
The published paper does not contain any technical details about the identified flaws in order to avoid their exploitation by malicious parties. However, the researchers plan to release such details later this year.
IOActive claims that it worked with the CERT Coordination Center (CERT/CC) to alert affected vendors about the vulnerabilities in their products.
"Unfortunately, except for Iridium, the vendors did not engage in addressing this situation," the researchers said. "They did not respond to a series of requests sent by the CERT Coordination Center and/or its partners."
The team recommends that SATCOM terminals manufacturers and resellers remove publicly accessible copies of the device firmware updates from their websites and strictly control access to such software in the future in order to prevent others from identifying the same or other vulnerabilities.
"If one of these affected devices can be compromised, the entire SATCOM infrastructure could be at risk," the researchers said. "Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by these vulnerabilities."
- 6