Follow Slashdot stories on Twitter


Forgot your password?
Security Communications

The Dismal State of SATCOM Security 54

An anonymous reader writes "Satellite Communications (SATCOM) play a vital role in the global telecommunications system, but the security of the devices used leaves much to be desired. The list of security weaknesses IOActive found while analyzing and reverse-engineering firmware used on the most widely deployed Inmarsat and Iridium SATCOM terminals does not include only design flaws but also features in the devices themselves that could be of use to attackers. The uncovered vulnerabilities include multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems."
This discussion has been archived. No new comments can be posted.

The Dismal State of SATCOM Security

Comments Filter:
  • by Anonymous Coward on Thursday April 17, 2014 @11:50AM (#46779785)

    Isn't it great how security went from a concern, to an afterthought, to completely irrelevant over the span of twenty years? Only to be magically resurrected as a hot button issue of worldwide concern for every other news story for arguably the next 5 years. And all because big corps, with all their endless offshoring, cost cutting, profit seeking, litigation circumvention, and merciless assault on tax avoidance will continue to skip to the loo with endless payrolls, blaming all of this all the while on "outside forces". It makes me feel like IT Security is as fun a joke in the boardroom as GAAP. We don't even have a real ruling body anymore according to IETF sources. Is there anything that isn't a mucked up mocked up half assed attempt at stopping this all?

  • by cusco ( 717999 ) <> on Thursday April 17, 2014 @12:42PM (#46780235)

    The problem is that reliability has always been considered as paramount in these devices, for very good reasons, and inserting a security layer in the stack increase the likelihood of problems and increases their complexity. There are satellite phones out there which have been in almost continuous use for 15 years, good luck flashing that firmware to handle encryption or to obfuscate that hard-coded password. For most satellite communications users I don't foresee the situation changing any time soon. They guy running a gold dredge in the upper Amazon isn't going to want to cough up for a new phone when his current one has been working fine for the last decade, nor is the tribal chief in New Guinea or the crab boat captain in the the Bering Straight. What they have works, and they don't give a shit whether the phone can be hacked as long as it works when they really need it. The commodities speculator in his Lear jet might be concerned, let him pay for the system upgrades, but leave the rest of the system backwards compatible for those people who need reliability overall.

Always leave room to add an explanation if it doesn't work out.