LAS VEGAS — It turns out that satellite communications, just like anything else that relies upon computers and communications, are hackable. And that is pretty scary, since satellite communications systems are usually very expensive and are part of much larger and life-critical systems such as aircraft.
That was the gist of a talk by Ruben Santamarta, a security researcher at IOActive, at the Black Hat security conference in Las Vegas. As alarming as that sounds, Santamarta said he was able to discover a number of vulnerabilities related to satellite communications that had varying degrees of importance. That includes hacking into an aircraft’s system using in-flight Wi-Fi services.
“It doesn’t mean we can crash an aircraft,” Santamarta said. “But we can access the system through Wi-Fi networks.
Aircraft, for instance, can use multiple types of communications as backup systems. Satellite communications take place either in space or on the ground. Santamarta’s investigation focused on ground-based communications. Sectors that use it include maritime, industrial, military, aerospace, entertainment, and media.
Santamarta looked into vulnerabilities including hard-coded credentials, maintenance backdoors, insecure protocols, and undocumented protocols. He found that multiple manufacturers created their own vulnerabilities by the the use of hard-code log-in credentials, which give a service technician the ability to access any piece of equipment with the same login and password. Hackers can discover those passwords and use them to gain access to the equipment.
“Lots of vendors are affected,” Santamarta said.
Among those mentioned in his talk were Iridium, Hughes, Harris, Cobham, JRC, Inmarsat, and Thuraya. Iridium told Santamarta that the hack he suggested wasn’t possible. Back in April, Santamarta published a 25-page paper describing some of the problems.
“We are exposing all of the devices that we looked at previously in a white paper,” Santamarta said.
One serious problem: Santamarta showed how it was possible to use an in-flight Wi-Fi network to break into a plane’s avionics equipment. Normally, such networks are used to send entertainment to seats or to enable satellite-based Internet browsing at 30,000 feet. Santamarta has tried this in a lab but not in a real plane.
The Federal Aviation Administration considers the possibility of network hacking serious enough that it has told aircraft makers to make sure that entertainment systems and flight control systems run on completely different networks with different levels of security, Santamarta said.
Although the risks of compromised networks are high, Santamarta said the networks themselves did not have much built-in security. Once you compromise a password and are inside, you can pretty much do anything.
“Once you are in, it is game over,” he said.