LAS VEGAS— Where fiber and cell phones can't reach, satellite communications (SATCOM) systems pick up the slack. At the Black Hat security conference in Las Vegas, a security researcher demonstrated that not only are SATCOM systems vulnerable to attack, the consequences could be dire.
Coming tomorrow at #BlackHat2018 but we got a sneak peek. SATCOM hacking to the next level. Remotely compromising non-critical airplane systems, revealing the location of military bases, and even hijacking the antenna to fry skin and electronics. Deets soon. Watch @PCMag. pic.twitter.com/snHFlk40RK
— Bitter, Tired, and Sweaty (@wmaxeddy) August 8, 2018
Attacking SATCOM
Santamarta said his research focused on three main sectors that use SATCOM systems: aviation, maritime, and military. He found that all of these sectors were vulnerable in different ways, and all of his attacks could be executed remotely. While he found potential security breaches in all sectors, but also uncovered specific safety risks for SATCOM use in military and maritime fields.
In the case of aviation SATCOM, Santamarta said he could attack an aircraft in flight from the ground, and could intercept and disrupt non-safety communications, including the onboard public Wi-Fi. While Santamarta stressed that his extensive work with government agencies and aviation companies found no specific safety risk for aviation SATCOM systems, his attacks could be used to compromise security. The digital devices used by the passengers and the crew of the aircraft, for example, could be attacked via the onboard Wi-Fi.
In the case of maritime and military SATCOM use, Santamarta discovered vulnerabilities that could actually endanger the lives and wellbeing of people relying on these systems. He could, for instance, alter the antenna position or configure the antenna to use so much power that it compromised navigational systems. The ship's crew and passengers would be left adrift at sea without reliable navigation.
Concerning military SATCOM systems, Santamarta found he could extract the exact GPS coordinates of the antenna to reveal the location of military installations. This poses a clear security and safety risk to military personnel in the field.
Going High-Powered
In his research, Santamarta found he could control not only the position of the SATCOM antennas, but the power of the transmission as well. This meant he could potentially attack the transponders within satellites themselves. This could have drastic earthbound consequences.
"It is possible to use a specific amount of power in the transmission to create a scenario where biological and electrical systems can be affected," Santamarta explained. "This can be used to create burns if [people] are affected by the transmission of the attena."
Recommended by Our Editors
SATCOM hacks could also cause malfunctions in electrical systems. The principle of the antennas, said Santamarta, was very similar to a microwave oven, hence the possibility of the so-called "cyber-physical attacks" he described.
Because of the sensitive nature of his research, Santamarta and representatives from his employer IOActive stressed the cooperation between themselves, vendors, and relevant government agencies in order to ethically disclose the vulnerabilities. Santamarta said mitigations for these attacks are already in development. However, fixing these problems completelyy could be more challenging. SATCOM devices are expensive and physically attached to vehicles and buildings, making repair or replacement difficult.
Santamarta will provide more details about his attack in an upcoming Black Hat talk, but some details will have to be disclosed over the course of months in order to do so ethically. Keep reading PCMag.com for more coverage from Black Hat 2018.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
)