SATCOM Terminals: Hacking by Air, Sea, and Land by Ruben Santamarta

Описание: "Satellite Communications (SATCOM) play a vital role in the global telecommunications system. We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry out attacks.

SATCOM infrastructure can be divided into two major segments, space and ground. Space includes those elements needed to deploy, maintain, track, and control a satellite. Ground includes the infrastructure required to access a satellite repeater from Earth station terminals.

Earth station terminals encompass the equipment located both on the ground and on airplanes and ships; therefore, this segment includes air and sea. This specific portion of the ground segment was the focus of our research. We analyzed devices, from leading SATCOM vendors, used to access services such as:

Inmarsat-C
Inmarsat BGAN / M2M
FleetBroadBand
SwiftBroadBand
Classic Aero Services
GMDSS (Global Maritime Distress Safety System)
SSAS (Ship Security Alert System)

IOActive found that 100% of the devices could be abused. The vulnerabilities we uncovered included multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols or weak encryption algorithms.

These vulnerabilities allow remote, unauthenticated attackers to fully compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it.

The talk will show all the technical details, mainly based on static firmware analysis via reverse engineering, also including a live demo against one of these systems.

Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by these vulnerabilities."