SATCOM Terminals: Hacking by Air, Sea, and Land

Presented at Black Hat USA 2014, Aug. 7, 2014, 3:30 p.m. (60 minutes).

Satellite Communications (SATCOM) play a vital role in the global telecommunications system. We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry out attacks.

SATCOM infrastructure can be divided into two major segments, space and ground. Space includes those elements needed to deploy, maintain, track, and control a satellite. Ground includes the infrastructure required to access a satellite repeater from Earth station terminals. Earth station terminals encompass the equipment located both on the ground and on airplanes and ships; therefore, this segment includes air and sea. This specific portion of the ground segment was the focus of our research.

We analyzed devices, from leading SATCOM vendors, used to access services such as:

  • Inmarsat-C
  • Inmarsat BGAN / M2M
  • FleetBroadBand
  • SwiftBroadBand
  • Classic Aero Services
  • GMDSS (Global Maritime Distress Safety System)
  • SSAS (Ship Security Alert System)

IOActive found that 100% of the devices could be abused. The vulnerabilities we uncovered included multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols or weak encryption algorithms. These vulnerabilities allow remote, unauthenticated attackers to fully compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship can do it.

The talk will show all the technical details, mainly based on static firmware analysis via reverse engineering, and will also include a live demo against one of these systems.

Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by these vulnerabilities.

Presenters:

  • Ruben Santamarta - IOActive
    Ruben Santamarta works as Principal Security Consultant at IOActive. He has over 10 years of experience in the security industry in different roles such as malware analysis or exploit development. Ruben has found dozens of vulnerabilities in products from leading IT and ICS vendors, the latter being his current focus. Ruben has presented at international conferences such as Ekoparty, RootedCon, Black Hat USA, and AppSec DC.
