The list of security weaknesses he and his colleagues found while analyzing and reverse-engineering firmware used on the most widely deployed Inmarsat and Iridium SATCOM terminals does not include only design flaws, but also features in the devices themselves that could be of use to attackers.
"We live in a world where an ever-increasing stream of digital data is flowing between continents. It is clear that those who control communications traffic have an upper-hand," Santamarta pointed out in a recently released whitepaper documenting their research. "The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry perform surveillance or conduct cyber-attacks."
Many important industries depend on satellite networks, including the maritime and aerospace sectors, emergency services, the energy and military sectors, and the media. IOActive researchers have concentrated on analyzing the terminals used on the ground segment of the SATCOM infrastructure.
"Our research was not intended to stress the software in search of common memory corruptions, but rather to understand the devices’ native security strengths and weaknesses," he pointed out, and unfortunately, the weaknesses abound.
"The vulnerabilities we uncovered what would appear to be multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems," Santamarta shared.
Technical details that would allow attackers to take advantage of the found vulnerabilities have, of course, not yet been widely shared. The company is working with government CERT Coordination Center and the vulnerable vendors to fix them before making those details public.
In the meantime, they advised SATCOM manufacturers and resellers to remove all publicly accessible copies of device firmware updates from their websites, so that attackers can't download them freely and scour them for usable vulnerabilities.
Despite all this, the aforementioned whitepaper is an extremely interesting read, as it details a variety of possible attack scenarios.