Critical military satellite systems are vulnerable to hacking

Military operations, navigation systems and flight safety controls could be at risk, according to analysis by IOActive.

Satellite systems used for military communications, flight safety and navigation might be easily compromised as a result of software vulnerabilities, new research shows.

Researchers from security consultancy IOActive are warning that important satellite constellations are susceptible to hacking and other dangers, according to a recently released white paper.  

The firm conducted static firmware analysis through the reverse-engineering of several satellite devices. The services examined by the report include Inmarsat-C, Very Small Aperture Terminal (VSAT), Broadband Global Area Network (BGAN), BGAN machine-to-machine (M2M), FleetBroadband (FB), SwiftBroadband and Classic Aero Service.

These services are used in a variety of functions such as communications, navigation and military operations.

The report examines possible attack scenarios against satellites that provide these services, including those made by important satellite contractors such as Harris, Hughes, and Iridium.

In examining the firmware of the satellites, researchers found that malicious actors could attack the satellites with methods such as:

  • Injecting malicious firmware into terminals, or executing arbitrary code on them, to obtain GPS coordinates or disable communications.
  • Exploiting admin code backdoors via SMS messages to install malicious firmware, possibly resulting in fraud, denial of service, physical damage, or data spoofing.
  • Compromising terminals through their authentication mechanisms in order to spoof navigation charts or disrupt the operational integrity of cargo vessels.

Many of the devices have insecure and undocumented protocols, hard-coded credentials and admin backdoors.

“If one of these affected devices can be compromised, the entire SATCOM infrastructure could be at risk,” the report states. “Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by the vulnerabilities.”

IOActive, with the assistance of the Computer Emergency Response Team (CERT) Coordination Center, has informed the manufacturers of the possible security concerns, but only Iridium has responded positively in addressing the situation.

The report suggests that owners and providers evaluate the network exposure of their devices, implement secure policies, enforce network segmentation, and apply restrictive traffic flow templates.

CERT, sponsored by the Homeland Security Department and based at Carnegie Mellon University, had warned manufacturers of some of the vulnerabilities in January. The white paper from IOActive was released after manufacturers appeared to be ignoring the warnings.

Also in January, cyber intelligence company IntelCrawler warned of vulnerabilities in VSATs, small, portable terminals widely used in the military for field operations when line-of-sight communications aren’t available. IntelCrawler scanned VSATs around the world and found many of them to be poorly protected or unprotected.