
Hack the planet: vulnerabilities unearthed in satellite systems used around the globe

So this is bad. Black Hat, the king of enterprise security conventions, kicked off today, and most noticeable amid the fusillade of security research was some impressive work from Ruben Santamarta of IOActive, whose team has unearthed worrying vulnerabilities in satellite communication systems, aka SATCOM, used by airplanes, ships, and military units worldwide.

Now, it’s not catastrophically bad: in particular, while attackers could mess with or disable your in-flight Wi-Fi, conceivably try to hack into devices connected to it, and/or disable all in-flight satellite comms, they couldn’t actually affect any systems which control the airplane. The bigger worries are in the military or maritime spheres, because these are remote vulnerabilities: anyone on the Internet can hack into a connected vulnerable SATCOM device. Which is to say, presumably most such devices, since communication is their whole reason for being.

In the military case, in addition to the risk of attackers modifying or disabling satellite communications, devices with onboard GPS could leak the location of military units. And in both cases, this opens up the prospect of “cyber-physical attacks”, a brilliantly dystopic phrase if ever there was one; basically, if you crank enough power through a satellite antenna, it can radiate energy powerful enough to affect biological tissue and electrical systems. Same general principle as a microwave oven.

But wait, it gets worse! These are embedded systems. In general there’s no easy way to beam a remote upgrade to them; in some cases the only upgrade is a wholesale replacement. And while there are mitigations (not fixes per se, but approaches which will reduce the severity and likelihood of attacks) for aviation and military SATCOM, maritime systems are … more problematic.

So. Don’t worry too much if you’re not a sailor or a soldier, your airplane won’t plunge or divert because of this … but someone sitting at a computer far away on the ground might be able to take over your in-flight Wi-Fi. Santamarta (who has a history of this kind of thing) and IOActive are working with vendors and unspecified “government agencies” to address these vulnerabilities, but it sounds like, at least on the high seas, this problem is going to be with us for a while.

(The full technical talk regarding these vulnerabilities is tomorrow; today’s press conference was merely a teaser. I’ll update this post with any important details which arise there.)



from TechCrunch https://ift.tt/2MxkuNA
