back to article Sat comms kit riddled with backdoors for hackers – researcher

Security researchers claim to have uncovered myriad security problems with satellite communication systems. But while major manufacturer Iridium said the security weaknesses identified by security researchers at IOActive were in hand, Thuraya, another satellite comms service, has criticised the report as inaccurate. Ruben …


This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Down

    Not a good example of a security document

    Having read this I can say that this is less than a shining example of how to publish this type of research. It is long on claims (which anyone can make) but pretty short on proof, and as has been pointed it it contains some pretty significant errors regarding Thuraya - the sort of errors that anyone with any real knowledge of the industry would simply never make. Saying that however, some of the allegations are pretty believable; having worked on early development models of the Cobham (ex Thrane & Thrane) BGAN terminals when testing the system as a whole, I actually knew the hidden passwords that are hardcoded in the systems, although they are not that easy to guess. The fact that other manufacturers have also used hardcoded passwords is no real surprise since they typically use these for development and maintenance purposes.

    I do wonder whether this is such an important issue as the author makes out, or whether he is just trying to make a name for himself. The fact is this is the sort of equipment that you do not find in everyday use; the vast majority of people will live their lives without ever seeing a satellite terminal. Many of the terminals models cited in the report are either not directly connected to the Internet as a whole, or only connected at random intervals. In both cases they would be very difficult targets for hackers to attack, and even if attacked and compromised it would be difficult for someone to do more than just disrupt the satellite link (easy to reset if necessary). You certainly could not insert malware into these devices simply because they do not use "standard" PC-type hardware platforms.

    IMHO, a storm in a teacup.

    1. Gordon 10

      Re: Not a good example of a security document

      Interesting to see downvotes but no rebuttals. Which leads me to assume the OP is broadly correct.

      Probably big deals from a purist security standpoint but probably reasonally diminished risk once actual use cases are taken into account.

      ie whats the monetisation/propaganda benefit for criminal gangs or individuals.

      Does it meet the proportionality test for State Actors. ie could they gain similar results with another approach?

      The fact that the Authors approach seems to have been theoretical in places also casts doubt on the level of alarm needed for this.

      Also I think the Authors may have missed an opportunity for more alarmist headlines by suggesting that MH370 could have been p0wned by these vunerabilities.

      1. Alan Brown Silver badge

        Re: Not a good example of a security document

        "ie whats the monetisation/propaganda benefit for criminal gangs or individuals."

        Being able to make ships "disappear" is a pretty big benefit. There's still a lot of piracy going on despite sat tracking systems and being able to make a ship disappear off the grid in order to reflag it makes the business a lot less risky.

        Being able to make it disappear off the grid and possibly send fake navigation updates well _before_ you attack it has even greater benefits.

        The Somali pirates are decided amateurs. Professional pirates go out of their way to avoid drawing attention to themselves.

  2. Anonymous Coward
    Anonymous Coward


    Does anyone have reason to believe these alleged flaws were put there by intelligence agencies?

    1. Psyx

      Re: NSA?

      No. Nothing that's not knee-jerk leaping to conclusions, anyway.

    2. LesC
      Big Brother

      Re: NSA?

      Pre - Snowdon you would be advised on where you can buy your tin hat. Now. Who Knows. Have an upvote.

    3. Alan Brown Silver badge

      Re: NSA?

      No. These backdoors have been there forever.

      The difference these days is that the documentation is a lot harder to control and should someone get hold of a terminal to reverse engineer it, the informaton will circulate amonsgt the bad guys pretty quickly thanks to the Internet.

      As for comments about pimply teenagers: These devices are easily affordable by the criminal groups who would benefit most from exploiting them. This kind of stuff moved well outside the realms of kiddies in bedrooms a long time ago.

  3. JeffyPoooh

    Security through cost

    The pimply teenage hackers living with their Mom can't afford these terminals. They can't even get near them. That addresses about 99% of the hacker problem.

    The commercial satellite networks themselves, being "radio", are susceptible. There exists 'protected' radio networks, but they're all spread-spectrum, frequency-hopping, military and you can't afford them.

    1. M Gale

      Re: Security through cost

      It isn't the script kiddies you need to worry about.

      The important thing here though, is what are the ramifications for LOHAN? Are we going to see the vinyl-wrapped beast performing a Death From Above manoeuvre at the behest of some Guy Fawkes Mask-wearing Spanish trolltard?

      THE PUBLIC MUST KNOW, and such.

  4. Mage Silver badge

    Satellite Comms

    Always had rubbish security. The Geostationary 2 way data traditionally poor too.

    The vendors only ever worried about:

    1) Control access of Satellite

    2) Getting payment for use of it.

    Security of the actual transmission has mostly been rubbish, though the DOCSIS derived Ka Band 2 way stuff might be better. But that doesn't apply to Iridiium, Thuraya and Inmarsat who have probably all relied on cost of kit and security via obscurity. Iridium I think is now effectively owned by US Government after going bust so either way NSA, CIA etc no doubt track everything. Inmarsat may not so much worry as long as everything is paid for. Similarly Thuraya, who I think are smallest but do have cute GSM/Satellite dual Mode, I think their main market is Arabs from Morocco to Qatar..

    The control channels traditionally on satellite generally are poor sensitivity so that you need a 3.5m+ dish or larger with real time tracking. I've wondered how good C&C security is?

    Even since Echelon days, never mind today's wholesale tapping of fibre and Internet the Satellite comms was all tapped.

    Rent a site with disused 4.8m or bigger telcoms dish claiming you will be opening an industrial park. This isn't script kiddie territory.

  5. Anonymous Coward
    Anonymous Coward

    Trust me, Satellite DOCSIS doesn't increase security. But, there is plenty of security on TT&C links and systems (what you call "C&C"), at least for the major commercial satellite operators.

  6. Stevie



    All your satnav are belong to us.

    Yours sincerely,

    Your Alien Overlords.

  7. amanfromMars 1 Silver badge

    In Praise of Backdoors which be Heavenly Portals to Some and Dark Web Money Pits for Others

    Regardless of any specifics as may be mentioned by researchers and reverse engineers, are any sat comms kit providers/peddlars prepared to guarantee, with punitive monetary redress against themselves in the event of a demonstrable obvious failure/systems compromise, that their systems do not have backdoors….. for hackers and crack coders …. the smarter renegade independent rogue state and/or non-state actor types for novel hire and probably very wise permanent retainment on secret flexible contract, or any others such as may be more normally employed and/or sympathetic to the likes of a snooping government or spooky intelligence servicing and/or stealthy intelligence servering agency?

    Absent that product in the market place, are they all providing a recognised unsecured and unsecurable service for, and in, both hardware and software, and that has them silently pleading guilty to pumping and dumping vapourware to valuable clients ….. which they obviously do not highly value at all with their selling to them of dodgy comprisable kit.

    And the moral lesson of the above tale? ....... Buy the best hackers and code crackers that money can buy. Anything less will be extremely costly for nothing is safe against them whenever they take more than just a passing interest in the way things are presently, rather than how they should be and can be in the future, which is always quite naturally completely different from the past, which was itself, in its own day, the present, with its future being that which we know of as today.

    1. M Gale

      Re: In Praise of Backdoors which be Heavenly Portals to Some and Dark Web Money Pits for Others

      I think I need more drugs. Or maybe less. The Martian is beginning to make sense again. +1 and all that.

  8. Anonymous Coward
    Anonymous Coward

    "tested by experts in the field"

    Uhhh, yeah, I'll put an expert on a rocket into space to test your device in its native habitat...

  9. Anonymous Coward
    Anonymous Coward

    Don't use your mobile operators voicemail....

    After all this kicked off, we now use a third-party voicemail service.

    We just enter the "divert when Busy / Engaged / Sat on toilet" setting and tell it to divert the calls to 020xxxxx This then takes my messages and sends me an SMS saying I have a new voicemail and its sat their in my email in-box. Personally, I don't keep messages on the VM server for safety.

  10. Idocrase

    Robco Industries Unified Operating System

    Copyright 2075-2077 Robco Industries

    -Server 1-

    >Enter New Positioning Data

    >Decrypt Coordinates: Satcom Array NW--07

    >Decrypt Coordinates: Satcom Array NN-03

    >Upload 'Highwater Trousers' activation










This topic is closed for new posts.