We shall hack in the air

We shall hack on the beaches, we shall hack on the landing grounds, we shall hack in the fields and in the streets, we shall hack in the hills; we shall never surrender.

– Dude W!n$t0n Chur(h!11

CSO Online has a rather interesting article about security flaws in a variety of satellite communications systems. The article is a bit alarmist about the matter, but so is the white paper from IOActive on which the article is based, so that’s excusable. Let’s look at some of the issues.

On the “pro-alarmism” side is the breadth of vulnerabilities. The researchers found vulnerabilities in ten separate products from a variety of vendors, utilizing a variety of satellite services. Moreover, a lot of them are bad ones: hardcoded administrative credentials, undocumented maintenance backdoors, and poorly-authenticated password reset mechanisms top the list.

Also on the plus side is the application space: SATCOM isn’t a typical end-user form of network access; it tends to be used in critical applications: maritime, deployed military, aerospace, emergency services and industrial applications. Think situations with a field deployment, often mobile, where there is no fixed infrastructure. This is definitely a place where you don’t want your comms to go kaput.

Sounds bad, right? Well, it’s not as bad as it seems. According to CSO Online, “To exploit the vulnerabilities, an attacker would have to first compromise or gain physical access to a PC connected to one of the above networks…”. So these are not remote exploits; rather, one would first have to compromise a machine that is using the SATCOM modem for network access.

But it’s not good either: certainly compromising a user terminal and using it to pivot to the SATCOM modem is very possible. And presumably one can use this access to reconfigure the SATCOM modem, and maybe even become a man-in-the-middle, but this is where this research is weakest: other than denial of service, they don’t really mention much in the way of bad effects.

Nutshell: lots of smoke, but there’s definitely some fire there too. The researchers at IOActive are doing things the right way, trying to work with vendors to implement fixes, but this is definitely something to keep an eye on, especially if you’re in the field!
