The dismal state of SATCOM security
Posted on 17 April 2014.
Satellite Communications (SATCOM) play a vital role in the global telecommunications system, but the security of the devices used leaves much to be desired, says Ruben Santamarta, principal security consultant with IOActive.

The list of security weaknesses he and his colleagues found while analyzing and reverse-engineering firmware used on the most widely deployed Inmarsat and Iridium SATCOM terminals includes not only design flaws, but also features in the devices themselves that could be of use to attackers.

"We live in a world where an ever-increasing stream of digital data is flowing between continents. It is clear that those who control communications traffic have an upper-hand," Santamarta pointed out in a recently released whitepaper documenting their research. "The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to perform surveillance or conduct cyber-attacks."

Many important industries depend on satellite networks, including the maritime and aerospace sectors, emergency services, the energy and military sectors, and the media. IOActive researchers have concentrated on analyzing the terminals used on the ground segment of the SATCOM infrastructure.

"Our research was not intended to stress the software in search of common memory corruptions, but rather to understand the devices' native security strengths and weaknesses," he pointed out, and unfortunately, the weaknesses abound.

"The vulnerabilities we uncovered include what would appear to be multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems," Santamarta shared.

Technical details that would allow attackers to take advantage of the found vulnerabilities have, of course, not yet been widely shared. The company is working with the government CERT Coordination Center and the vulnerable vendors to fix them before making those details public.

In the meantime, they advised SATCOM manufacturers and resellers to remove all publicly accessible copies of device firmware updates from their websites, so that attackers can't download them freely and scour them for usable vulnerabilities.

Despite all this, the aforementioned whitepaper is an extremely interesting read, as it details a variety of possible attack scenarios.
