Forgot your password?
typodupeerror
Security

Small Satellite Dish Systems 'Ripe For Hacking' 44

Posted by Soulskill
from the will-dish-it-out,-but-can't-take-it dept.
The Walking Dude writes: "According to the CS Monitor, 'Thousands of small satellite dish-based computer systems [VSATs] that transmit often-sensitive data from far flung locations worldwide – oil rigs, ships at sea, banks, and even power grid substations – are at high risk of being hacked, including many in the United States, a new cyber-security report has found.' Dr. Jason Fritz said, 'Vulnerabilities exist at all nodes and links in satellite structure. These can be exploited through Internet-connected computer networks, as hackers are more commonly envisioned to do, or through electronic warfare methodologies that more directly manipulate the radio waves of uplinks and downlinks.'"
This discussion has been archived. No new comments can be posted.

Small Satellite Dish Systems 'Ripe For Hacking'

Comments Filter:
  • by Anonymous Coward

    The 'hacking' fud is getting thick lately...

  • We'll see (Score:2, Interesting)

    by Anonymous Coward

    I have a hard time taking anything with the word "cyber" seriously.

  • Competition. (Score:2, Insightful)

    by Anonymous Coward

    I don't take computer security seriously any more. Everything's an arms race where the only way to win is not to be important enough for anyone to want to make an effort against you.

    If we had a culture based on cooperation rather than competition, we wouldn't have everyone taught and therefore trying to get one up on everyone else.

    It's been hundreds of years since humanity has established new societies based on cooperation (no, Marxism-Leninism is nothing of the sort). Let's stop lazily thinking of ourselve

    • by peragrin (659227)

      cooperation only works if you are not greedy or jealous.

      computer security needs to be thought of in the beginning. and it never really has been.

      from the protocols on up. security has generally been the last thought of computer programmers.

  • Although I nearly daily read papers from almost any university in the world, I had never heard of Bond "university". Which Bond is this - James Bond ?

    On a more serious note, though: "IntelCrawler" does not ring a bell, either. The only somewhat creditworthy title being cited is csmonitor. For the moment I am writing TFA off as hype-generation and FUD. I would love to be proved wrong, however.

    • by dbIII (701233)

      Which Bond is this - James Bond

      Alan Bond initially put up the finance for that private University. It's probably the third biggest University in the state of Queensland and has a decent reputation in CS. Being located in a city built around tourism it attracts a few conferences.

      As for the person it was named after - somehow Alan Bond managed to go broke selling beer to Australians.

  • No surprise (Score:3, Insightful)

    by Anonymous Coward on Sunday January 12, 2014 @06:27AM (#45931219)

    All software is shit, all hardware too. We've long abandoned a development model that is focused on correctness. It has been features, features, features for decades. So what do you expect? Of course everything's ripe to be hacked. We had a choice.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      "Abandoned" implies that this used to exist. Look at FTP, horrifically complex protocol that handles a lot of what we use load balancers to do today with zero security. The good old days weren't quite as good as we remember them to be.

    • I disagree, we never had a choice to do anything other than build these systems with their bugs. I know because I was there back in the dawn of remote digital telemetry systems. We had enough issues with just getting the stuff out of the door on time and to budget (and usually failed on both counts). Development models such UML & quality standards like ISO9001 just didn't exist back then.

      We we pioneers, not engineers.

      The real problem here is with the CEOs of the corporations that use this old tech
    • Re:No surprise (Score:4, Insightful)

      by KingOfBLASH (620432) on Sunday January 12, 2014 @08:41AM (#45931557) Journal

      Most locks can be picked with a lock pick

      Many cars can be compromised with a screwdriver and thin piece of metal to open them.

      Many anti-shoplifting devices can be disabled if you know how.

      The list goes on.

      True security costs money and effort. A LOT of it.

      For most applications, as a society, we err on the side of too little security (and accept the small chance that security will be compromised, because it's not an issue).

      This is because, historically, security issues have been quite local. People don't steal enough in most neighborhoods to justify putting bars on your windows. People don't shoplift enough to justify a full cavity search of anyone entering or exiting a department store.

      Technology is of course changing all of that. Before, if we know there is a 1 in a million chance of a bad guy in the population, most small communities were not afraid. Now, it is possible for a single determined hacker to do all kinds of crazy things. That's where people have not caught up, and in the future we will have to start making choices with regards to whether we want to expend the resources for true security. And we might do it if there are enough incidents to justify it -- but perhaps not before.

  • by spacefight (577141) on Sunday January 12, 2014 @06:28AM (#45931221)
    And nowadays we know that sat tracking is easy these days thanks to various free and open software/hardware around.

    If you can spare some minutes on a lazy Sunday, watch Travis Goodspeeds Talk on 30C3 from a couple of weeks ago.

    http://www.youtube.com/watch?v=ktnQ7nBCuqU [youtube.com]
    • by megabeck42 (45659)

      Can't you just download the keplerian elements from NORAD and use gpredict? Actually, doesn't gpredict automate that for you? I don't think you need any special hardware, just an accurate clock.

  • The headline is strangely construed to convey a false sense of security that large satellite dish systems are not ripe for hacking. All systems are no stronger than their weakest (back) door.
  • by Joe_Dragon (2206452) on Sunday January 12, 2014 @12:15PM (#45932521)

    GOODEVENING HBO
    FROM CAPTAIN MIDNIGHT
    $12.95/MONTH ?
    NO WAY !
      [SHOWTIME/MOVIE CHANNEL BEWARE!]
           

  • Anyone notice that he "hidden" or blanked out addresses were still listed in clear text just below the erased entries, albeit in slightly smaller text? Best part is they still let you see the protocol types the sites responded to. Telnet for the win, are they serious?

  • Are you saying we can hack our residential TV dishes like from Dish, DirecTV, etc.?

  • Aside from the attack in the article, one might think that VSAT terminals are much more susceptible to DDoS attacks because of their limited bandwidth and the carrier's Fair Access Policy. One might assume that pretty much anyone who wanted to could just send data to the IP address of one and The FAP will restrict the throughput.

    The thing is, the commercial VSAT providers have already thought of this. Each terminal is on a private network behind a NAT already, even if you're not using the software proxy a

As in certain cults it is possible to kill a process if you know its true name. -- Ken Thompson and Dennis M. Ritchie

Working...