A security firm found that widely used satellite communications (SATCOM) terminals, which are often used by the military, government and industrial sectors, contained a number of critical vulnerabilities.
Ruben Santamarta, principal security consultant for IOActive, authored a white paper, published Thursday, on the threat. The 25-page report, called “A Wake-up Call for SATCOM Security,” compiled findings gleaned from three months of research, from October to December of last year.
Over those three months, analysts reverse engineered publicly available firmware updates for popular SATCOM technologies from vendors Harris, Hughes, JRC, Iridium, Thuraya and Cobham. As a result, IOActive researchers found critical flaws in all of the device firmware, namely issues that could be exploited to intercept, alter, or block sensitive satellite communications.
Some issues found were backdoors, defined in the paper as “mechanisms used to access undocumented features or interfaces not intended for users.” In addition, other vulnerabilities were uncovered, such as the use of hardcoded credentials, insecure protocols and weak encryption algorithms.
In the paper, researchers detailed attack scenarios that exploiting these flaws could enable.
In one case, IOActive found that Cobham's SAILOR 6000 Series communications suite left ship security alert systems (SSAS) vulnerable to compromise.
“An attacker can install malicious firmware in order to control devices, spoof data or disrupt communications,” the white paper said, later explaining that SSAS aids in maritime security and thwarting acts of terrorism and piracy.
Ultimately, the SAILOR 6000 vulnerabilities, which included insecure protocols and hardcoded credentials, could be leveraged to spoof or delete incoming communications, like distress calls from other ships or weather warnings, the paper revealed.