LAS VEGAS — Some satellite communication terminals that the military uses in forward-deployed locations are highly vulnerable to a pervasive flaw, according to researchers with cybersecurity company IOActive. Company officials say they are already working with the Defense Department and the vendors that produce the buggy equipment. But because some of the terminals are currently with troops at forward operating bases, the researchers declined to name them, due to security concerns.
IOActive researcher Ruben Santamarta uncovered the vulnerability, which he said could be used to intercept GPS downlink signals that reveal the location of a terminal and the soldiers using it.
The terminals’ self-pointing antennas use GPS, and sometimes instructions from their operators, to aim themselves at the right satellite. That location data is supposed to be visible only to the operator, through management software. Santamarta showed he could access that management software remotely.
“Some of the exposure happened because of misconfiguration issues. It was not solely an issue with the product,” John Sheehy, director of strategic service for IOActive said. “The configuration issue is very fixable. We’ve confirmed that some of them have been fixed.”
Santamarta said that while the risk to troops is high, the risk of bad actors actually being able to use the exploit was only medium.
His research also suggests that slightly larger SATCOM terminals, of the sort used in civilian maritime operations, can be manipulated to shoot nearby people with radio waves in order to cause pain. “Using a specific amount of power, it is possible to create a scenario in which biological tissue is affected, [as well as] electronic and electrical systems. This can be used to create burns or provoke malfunctions in electrical system.” He revealed his work at this year’s Black Hat conference in Las Vegas, Nevada.
Four years ago, Santamarta revealed pervasive problems in satcom systems manufactured by Harris, Hughes, Cobham, Thuraya, JRC, and Iridium.