TENERIFE–The security of wireless networks and devices is generally regarded as somewhere between mediocre and horrendous. And that’s after nearly 20 years of attention from researchers. Now, some of those researchers are focusing on satellite systems and networks and are finding the security of those targets depressingly bad.
Gabriel Gonzalez, a researcher at IO Active, is one of the experts who has been spending time assessing the security of satellite systems, and he said that there are serious problems that need to be addressed. One of the easy targets for researchers and attackers is the modem that systems use to communicate with satellites. Gonzalez said they’re key choke points and much of the traffic going in and out of the modems is sent in the clear.
“Everything sounds so silly you will cry after I present it.”
“One important point to attack is the modem, because all of the traffic goes through them. Most of the time it’s not encrypted, so you can eavesdrop on all of the traffic,” Gonzalez said during a talk at the Kaspersky Lab Security Analyst Summit here Tuesday. “This is a very interesting attack point.”
To demonstrate how simple attacks on satellite modems are, Gonzalez detailed the steps he took to attack a specific model. Many of the modems are available on eBay for relatively low prices, and finding the manuals online is easy with a quick Google search, he said. Many of the firmware drivers for the modems also are available online, and Gonzalez said he found a version of the driver for his modem and then spent some time reverse engineering it.
“Everything sounds so silly you will cry after I present it,” he said.
Gonzalez looked for open interfaces on the modem and then began pinging them to see what he could do. He was able to inject commands and also found that the modem had a hardcoded root password.
“It’s undocumented, and there’s no way to change it,” he said.
Gonzalez took the password and ran it through the John the Ripper password cracking tool and found it was really weak and easily crackable.
“If you’re an attacker and you’re able to find this, you can own every one of these modems in the world,” he said.
Satellite communications are used in a variety of applications, including for smart energy meters of the kind that are installed in homes and businesses now. They often use GSM to communicate with the utility and Gonzalez said the meters are good targets for attackers.
“They’re usually on customer premises, so they’re accessible to attackers. They could be open to fraud, service disruptions, wide scale attacks and other problems,” he said.
