Security flaws in many satellite telecommunications systems leave them open to hackers, raising potential risks for aviation, shipping, military and other sectors, security researchers said Thursday.Federal Aviation Administration System Command Center in Herndon, Virginia, on August 12, 2002. A paper released by the security firm IOActive found "multiple high risk vulnerabilities" in all the satellite systems studied.
"These vulnerabilities have the potential to allow a malicious actor to intercept, manipulate, or block communications, and in some cases, to remotely take control of the physical device," the report said.
Ruben Santamarta, author of the report, said he was concerned "because satellite communications are used in a variety of critical scenarios."
Santamarta told AFP that most ships and aircraft use satellite communications, and in some cases military communications use these commercial satellite systems.
Many of the issues lie in the Broadband Global Area Network (BGAN) satellite receivers that the manufacturers produce with Inmarsat, the satellite operator that provided tools vital in helping locate the Malaysian passenger plane MH370 that crashed last month. BGAN is designed to provide internet and voice connectivity for remote teams.
The affected Harris BGAN satellite terminals are used by the military, including Nato, for tactical radio communications. Thanks to the vulnerabilities, a hacker could install malicious software on the devices to obtain the location of the soldiers using the kit, or even disable the systems, according to IOActive.
Cobham produces most Inmarsat terminals, a handful of which were found to be vulnerable. Those used in shipping, such as the Ship Security Alert System, could be exploited to prevent vessels detecting distress messages or direct those containing sensitive cargo on a collision course, suggested Ruben Santamarta, the IOActive researcher who found the alleged weaknesses.
The Cobham Aviator machines could be compromised to alter satellite communications, such as the Aircraft Communications Addressing and Reporting System (Acars), used by a plane, he added.
The company began its research in 2013, and in early 2014, a security warning was issued by the Computer Emergency Response Team, a group of researchers backed by the US Department of Homeland Security.
IOActive said however that most of the satellite telecom (SATCOM) vendors did not respond to the January alert to upgrade their systems despite the nature of the risks.
"If one of these affected devices can be compromised, the entire SATCOM infrastructure could be at risk," the report said.
"Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by these vulnerabilities."
Santamarta added, "I hope this research is seen as a wake-up call for both the vendors and users of the current generation of SATCOM technology."
Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter
No comments:
Post a Comment