Research firm says satcom terminals wide open to exploits

News by Steve Gold

Report calls on vendors to provide official workarounds

Researchers with IOActive - the security research firm made famous by its security director, the late Barnaby Jack,  who sadly passed away last July - claim that satcoms terminals from the likes of Inmarsat, Iridium and Thuraya are extremely vulnerable to abuse.

These satcoms terminals relay data signals – including VoiP and IPTV transmissions - to and from satellites that orbit the earth, either in a geosynchronous (static) or low Earth orbit configuration.

According to Ruben Santamarta, an IOActive principal security consultant and lead author of the report, after researching numerous satcom terminals, he found that all of the devices were vulnerable to abuse.

Vulnerabilities on the units include what appear to be multiple backdoors, hard-coded credentials, undocumented and insecure protocols, and weak encryption algorithms. In addition to design flaws, he also found that unwittingly introduced features in the devices pose security threats.

Santamarta and his team reverse engineered publicly available firmware updates to terminals from the likes of Cobham, Harris, Hughes, Iridium, JRC plus Thuraya - and found vulnerabilities in every piece of firmware.

Whilst satcoms terminals are perhaps best-known for use when transmitting TV and radio segments from far-flung locations, because the user base is far wider than this - including military and aviation applications - the report says the vulnerabilities have the potential to allow a malicious actor to intercept, manipulate, or block communications. And in some cases, it notes, to remotely take control of the physical device.

"Considering the sectors where these products are deployed and the affected vendors, the specific nature of the vulnerabilities IOActive uncovered is of great concern," says the analysis, adding that IOActive is working with CERT to contact the terminal manufacturers to remediate the security issues, although - with the exception of Iridium - the vendors have not responded to a series of requests sent by the CERT Coordination Centre and/or its partners.

"If one of these affected devices can be compromised, the entire satcoms infrastructure could be at risk,” says the report.

“Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (eg oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc) could all be impacted by these vulnerabilities," concludes the report, noting that the research should be a wake-up call for both vendors and users of satcoms terminals alike.

Professor Peter Sommer, a digital forensics specialist and visiting professor with de Montfort University, told that the results of the research are interesting, but pointed out that many of the vulnerabilities require that hackers gain access to the hardware itself.

"I think you need to look at the motivation of the people attacking these types of systems," he said, adding that the potential for disruption - such as in the example of satellite-based TV transmissions - is nonetheless quite considerable.

This is particularly true, he says, in the case of military applications with these types of terminals, although some modification of the hardware is also required.

The bottom line here, he concluded, is that hackers would both need access to the terminals and high degree of motivation in order to successfully stage their satcoms terminal hacks.  

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews