IOActive reports finds serious risks -- and slim prospects for fixes -- in satellite communications
I generally feel underwhelmed when I hear some report of how easy it is to hack almost anything, such as traffic lights, cars, trains, or airplanes. Like most of the digital world, they were not designed by people with a strong understanding of malicious hacking.
With that basic assumption in mind, IOActive decided to assess the vulnerability of communication satellites. In a nutshell, here's what it found:
... malicious actors could abuse all of the devices ... The vulnerabilities included what would appear to be backdoors, hard-coded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. In addition to design flaws, IOActive also uncovered a number of features in the devices that clearly pose security risks.
That about says it all. Anyone shocked?
You may think it's not terribly disastrous that regular, civilian satellites can be hacked. But certainly, military satellite communications in war zones have a higher level of computer security? Not necessarily.
IOActive began its project by downloading publicly available satellite device firmware updates, then reverse-engineering and analyzing. The systems they analyzed are involved in (and/or suitable for) maritime operations, personal communications, SCADA, voice, data, aeronautics, and military uses. Many of the devices appeared to use little or no security or security by obscurity. IOActive's report has a table listing the vendors and products it tested, along with the vulnerabilities found.
Full Article