Several satellite communication systems manufactured by leading companies claimed to have vulnerabilities which allow remote hackers to intercept, manipulate, block and even control the entire communications system of the device.
According to a research conducted by security consultancy firm IOActive, the vulnerabilities can have severe bearing on the safety of ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations).
The vulnerabilities included hardcoded credentials, undocumented protocols, insecure protocols, and backdoors.
IOActive studied satellite communications (SATCOM) devices used in military, aerospace, maritime, critical infrastructure, during last quarter of 2013.
The study mainly focused on ground basted SATCOM systems manufactured by leading manufacturers including Harris, Hughes, Cobham, Thuraya, JRC, and Iridium.
Through analysis and reverse engineering of the freely and publicly available firmware updates of popular SATCOM technologies, IOActive found that hackers can exploit all the devices.
"Insecure and undocumented protocols, backdoors, hard-coded credentials…mainly design flaws that allow remote attackers to fully compromise the affected devices using multiple attack vectors," the report added.
"These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products."
"In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems."
IOActive researchers also claim that in addition to the vulnerabilities and design flaws, a number of features in the devices could pose security risks.
The researchers have also recommended that the manufacturers and resellers should remove all publicly accessible copies of device firmware updates from their websites and strictly control access to updates in the future.
SATCOM technologies help access internet remotely, help vessels and aircrafts operate safely as well as provide critical communication to military and emergency services.
