Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Communications

The Dismal State of SATCOM Security 54

An anonymous reader writes "Satellite Communications (SATCOM) play a vital role in the global telecommunications system, but the security of the devices used leaves much to be desired. The list of security weaknesses IOActive found while analyzing and reverse-engineering firmware used on the most widely deployed Inmarsat and Iridium SATCOM terminals does not include only design flaws but also features in the devices themselves that could be of use to attackers. The uncovered vulnerabilities include multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems."
This discussion has been archived. No new comments can be posted.

The Dismal State of SATCOM Security

Comments Filter:
  • by DeTech ( 2589785 ) on Thursday April 17, 2014 @12:06PM (#46779945)
    LDR services like Inmarsat were never meant to be secure. Now if this was about AEHF that would be news.
  • Re:Encryption (Score:2, Informative)

    by Anonymous Coward on Thursday April 17, 2014 @12:11PM (#46779997)

    That won't protect you from denial of service attacks.

    And in quite a lot of the use cases, the reaction won't be "Bummer, can't get to slashdot" but will be:
    - "Bummer, can't warn the train driver there are boulders on the rail"
    - "Bummer, can't contact search and rescue and the ship is sinking"
    - "Bummer, can't contact HQ and request Air support to help with these guys shooting rpgs on my convoy"
    Note: Substitute "Bummer" with appropriate four letter word.

    type 1 encryption devices won't be available to most users (certainly not to civilians outside the US).

Thus spake the master programmer: "When a program is being tested, it is too late to make design changes." -- Geoffrey James, "The Tao of Programming"