Flaws in SATCOM firmware could compromise security of planes and ships, warns Ruben Santamarta, who will show his findings at Black Hat USA
Security researcher Ruben Santamarta has claimed it is possible to compromise the internal systems of ships and aircraft, including passenger planes, using the vulnerabilities in on-board satellite broadband communications equipment.
Santamarta says he analysed hardware from leading Satellite Communications (SATCOM) vendors and found that “100 percent of the devices could be abused”.
The researcher will demonstrate his reverse-engineering techniques at the Black Hat USA conference in Las Vegas later this week. He told Reuters he hopes the presentation will serve as a wake-up call for the industry.
“These devices are wide open. The goal of this talk is to help change that situation,” said Santamarta.
Santamarta is a principal security consultant at IOActive. He has been working in this field for more than ten years and is responsible for uncovering dozens of vulnerabilities in commercial hardware, with a special focus on industrial control systems. On his blog, the researcher jokes that one of his objectives is to hack into the Large Hadron Collider and blow up the world.
For this year’s Black Hat, he started with something a bit more modest: after reverse-engineering popular SATCOM firmware from manufacturers like Cobham and Iridium, Santamarta found it full of backdoors, hardcoded credentials, undocumented or insecure protocols and weak encryption algorithms.
All of these vulnerabilities could allow an attacker to compromise the affected products, and potentially interfere with essential navigation and safety systems of the ship or a plane.
“In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it,” wrote the researcher on the Black Hat website.
These vulnerabilities could affect not just transport but any field which relies on SATCOM equipment, including military installations, emergency services, media services, and industrial facilities.
Santamarta will explain his methods for discovering such software flaws and run a live demo at Black Hat on Thursday. So far, the SATCOM industry has downplayed the risks posed by unsecured firmware, but the talk is expected to reveal the level of technical details that has never been published before.
Last month, Black Hat announced it was cancelling the hotly anticipated presentation on identifying Tor users “on a budget”, since the researchers from Carnegie Mellon university did not receive permission to publish the materials developed at the government-funded Software Engineering Institute (SEI).
How well do you know network security? Try our quiz and find out!