海角大神

Satellite communication terminals, relied upon by US military aircraft, ships, and land vehicles to move in harmony with one another, are susceptible to cyber-attack through digital backdoors and other vulnerabilities, according to a new report that has sent a tremor through the global satellite telecommunications industry.

The report by IOActive, a Seattle-based cyber-security firm, arrives amid heightened concerns over a surge in cyber-attacks against satellite communications systems and vendors worldwide, industry experts say.

According to the IOActive report, a forensic security analysis of computer code buried inside the circuit boards and chips of the world鈥檚 most widely used SATCOM terminals found multiple potential hacker entry points. Many terminals use small dishes or receivers that ride on the roof of a military vehicle, the bridge of a ship, or inside a troop transport aircraft, the report said.

Built by a half-dozen of the world鈥檚 leading SATCOM equipment manufacturers, the SATCOM terminals cited in the report also serve nonmilitary uses, such as data collection from remote oil and gas pumping sites, pipelines, or retail chain stores. All involve sending data from far-flung operations up to large commercial satellite networks and back down again to their respective headquarters.

Industry officials, who generally acknowledged the proliferation of cyber-threats to the communications industry and were aware of the IOActive report, say SATCOM terminals are very secure when security features are turned on and used properly and are not insecure by design.

But what cyber-security researchers found when reverse-engineering the SATCOM terminals鈥� firmware 鈥� the core computer code stored on the memory chips that primarily control the equipment 鈥� was a shocker, they said.

鈥淚OActive found that malicious actors could abuse all of the devices within the scope of this study,鈥� wrote report author Ruben Santamarta, a principal consultant to the company. 鈥淭hese vulnerabilities have the potential to allow a malicious actor to intercept, manipulate, or block communications, and in some cases, to remotely take control of the physical device.鈥�

Vulnerabilities in the firmware include digital 鈥渂ackdoors鈥� built into the computer code, as well as 鈥渉ardcoded credentials,鈥� either of which could be used for unauthorized easy access to the devices, according to the report.

In addition, insecure communications protocols (languages) and relatively weak encryption on the system were other key problems, said the report, titled 鈥淎 Wake-up Call for SATCOM Security.鈥�

In at least some cases, an adversary might need only send a text message that included malicious code 鈥� one of several options 鈥� to take control of the SATCOM terminal, the researchers said. A nation-state adversary or hacker could then fake the locations of aircraft, ships, and ground forces 鈥� as well as emergency messages.

鈥淚f one of these affected devices can be compromised, the entire SATCOM infrastructure could be at risk,鈥� the report says. 鈥淪hips, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by the vulnerabilities.鈥�

鈥淭he findings,鈥� Mr. Santamarta noted, 鈥渟hould serve as an initial wake-up call for both the vendors and users鈥� of current SATCOM technology.

If the US military is concerned that SATCOM systems may be vulnerable to cyber-attack, it鈥檚 hard to tell.

鈥淭he Department of Defense is aware of a multitude of growing threats in cyber-space, that anything connected to the Internet is potentially vulnerable,鈥� Lt. Col. Valerie D. Henderson, a Department of Defense spokeswoman, said Thursday in a statement responding to Monitor queries. 鈥淲e manage all cyber-risks in accordance with one of DoD's primary cyber-space missions: Defense of all DoD information networks. We do not comment on specific operational vulnerabilities or the actions that we take to manage the associated risks, in order to preserve our operational security.鈥�

Other experts note that it鈥檚 often easier to identify a vulnerability than to actually exploit it in the real world.

鈥淣o doubt it鈥檚 a concern, but it鈥檚 unlikely US aircraft will begin dropping out of the sky anytime soon,鈥� says John Bumgarner, research director for the US Cyber Consequences Unit, a cyber-security think tank.

鈥淚t鈥檚 just not very easy to launch some of these attacks, even if you know the vulnerabilities involved,鈥� he says in an interview. 鈥淵es, they can happen. But it requires tons of reconnaissance and planning to pull it off.鈥�

IOActive鈥檚 trumpet blast, meanwhile, is hardly the first such warning.

In November 2011, the US-China Economic and Security Review Commission revealed that unknown hackers had infiltrated command links to Landsat-7, a US Geological Survey Earth-imaging satellite launched in 1999, and Terra AM-1, which carried NASA climate change sensors. Neither satellite was damaged, although hackers on June 20, 2008, 鈥渁chieved all steps required to command鈥� NASA鈥檚 Terra, 鈥渂ut did not issue commands,鈥� the commission said.

Soon after, the President鈥檚 National Security Telecommunications Advisory Committee reported in 2009 on cyber-threats to satellite networks, noting that 鈥渟atellite and terrestrial networks share similar cyber-vulnerabilities.鈥�

The IOActive report focused on the world鈥檚 most widely used SATCOM terminals that connect with Inmarsat, a British satellite communications provider, and Iridium, a US-based provider.

Even though newer satellites and SATCOM terminals have more secure communications available today than when Landsat or Terra were launched, the soaring demand for satellite bandwidth means US government and military communications are increasingly using commercial satellite data pathways that are somewhat less well protected, satellite communications experts say.

Indeed, proprietary satellite communications have ceded ground in recent years to lower-cost, easier-to-use Internet Protocol or 鈥淚P-based鈥� systems that have increased usability 鈥� but also the vulnerability of SATCOM systems overall, some experts say.

鈥淩educing the technical expertise required to connect to a satellite has the unintended consequence of making it easier for hackers to connect to a satellite,鈥� writes Jason Fritz, an Australian cyber-expert at Bond University in Queensland, in an e-mail interview.聽

SATCOM 鈥渧endor brochures often advertise security and encryption,鈥� he notes, 鈥渂ut in some cases it is up to the individual user to enable these features and follow proper procedures.鈥�

Dr. Fritz鈥檚 view was confirmed by a satellite industry official who, speaking anonymously to protect his business ties, agrees that there are indeed cyber-security 鈥済aps among some of the more casual users鈥� of SATCOM links. While high-security settings are usually available on such equipment, it is frequently not used or default passwords are not changed 鈥� lapses that increase vulnerability to attacks.

鈥淭his equipment has been developed and designed to be so secure that if the features that are there in the systems are coherently implemented by the users, they are among the most secure systems in the world,鈥� says the industry official. 鈥淭he big gap is among more casual users who are not in the middle of a fire-fight.鈥�

But that gap is appearing at the very time that cyber-attackers are intensifying their hunt for vulnerabilities to exploit, SATCOM security experts say.

鈥淭he line between SATCOM networks and IT networks have blurred substantially,鈥� said Christopher Fountain, president of Kratos SecureInfo, a Chantilly, Va., cyber-security company. He told Milsat Magazine, a satellite industry trade publication, in July that increased use of Internet-based satellite communications protocols is 鈥渂ringing additional cyber-security risks. This is against an environment where cyber-attacks and threats continue to increase.鈥�

According to the Kratos SecureInfo website, 鈥渃yber-attacks are increasing at an exponential rate and satellite communications are a prime target.鈥�

In response, the satellite industry is ramping up its public face and focus on cyber-threats. In February, the Global VSAT Forum (GVF), which represents the satellite communications industry worldwide, announced a new 鈥渃yber-security task force鈥� to address the threat.

"We're working with industry to thwart indicators of cyber-attacks being made on the entire telecommunications sector," says David Hartshorn, GVF secretary general, in an interview. 鈥淥ur new task force was scrambled to advance and enable best practices throughout the global satellite industry to address these threats.鈥�

While maintaining that satellite systems have long been among the most secure communications systems available, 鈥測ou can never say everything is just fine,鈥� says Matthew Kenyon, senior director of North American operations for Hughes Network Systems, a provider of broadband satellite network products and a member of the GVF cyber-security task force. 鈥淓very community provider, satellite and terrestrial, is constantly working to improve their capabilities.鈥�

Commercial satellite providers like Intelsat and Iridium are seeing a surge in demand due to increased US military activity in North Africa, the Asia-Pacific region, the Horn of Africa, and the Middle East, industry officials say. Satellite communications links are soaring for ISR missions 鈥� intelligence, surveillance, reconnaissance 鈥� as well as for unmanned aircraft system communications.

Intelsat General Corporation, a Bethesda, Md.-based subsidiary of Intelsat, which has about 50 satellites in its fleet, last year was providing satellite links for more than 60 unmanned aircraft missions and at least 40 manned ISR missions simultaneously, according to Mark Daniels, vice president of engineering and operations.

All that activity has drawn its share of cyber-attacks.

鈥淚n the cyber-security area, we have seen significant activity and we have had to take strong action to deal with that,鈥� Mr. Daniels said in a March 2013 interview in Global Military Communications, a trade publication. Intelsat, the parent company, 鈥渄eals with cyber-attacks on a daily basis.鈥�

For its part, IOActive said it is working with a Department of Homeland Security-affiliated center to inform the SATCOM equipment makers. In a public warning in February, the center noted that 鈥渁 remote unauthenticated attacker may be able to gain privileged access to the [SATCOM] device.... Additionally, a remote unauthenticated attacker may be able to execute arbitrary code on the device.鈥�

IOActive provided not-yet-released details of the vulnerabilities it says it found in its study to satellite operators Iridium and Innarsat and to SATCOM companies that included Cobham, Hughes, Harris Corporation, Japan Radio Corporation, and Thuraya, a mobile satellite operator.

Monitor e-mails and phone calls requesting comment on the IOActive study elicited several responses from the companies.

鈥淚ridium has been in contact鈥� with the DHS-affiliated center 鈥渟ince they brought these concerns to our attention, and we have taken the necessary steps in the Iridium network to alleviate the issue,鈥� Diane Hockenberry, an Iridium spokeswoman, says in an e-mailed statement. 鈥淲e have determined that the risk to Iridium subscribers is minimal, but we are taking precautionary measures to safeguard our users.鈥�

鈥淐obham is aware of the paper by IOActive and its findings,鈥� Greg Alan Caires, a spokesman for the Britain-based company, says in an e-mail. 鈥淚t is under review. We have no comment to make at this time.鈥�

Hughes鈥檚 Mr. Kenyon declined to comment on the IOActive report.

Harris Corporation in Melbourne, Fla., and Japan Radio Corp. did not respond to requests for comment by press time.

Dubai-based Thuraya Telecommunications Company issued a statement that was dismissive of the findings.

鈥淎s Thuraya鈥檚 equipment was not tested in a real world environment, the results and the conclusions of the whitepaper are theoretical and not a proper assessment of the equipment鈥檚 security features,鈥� the company said.

Inmarsat, whose underlying technology was present in several of the systems tested by IOActive, said it had 鈥渃onducted a preliminary assessment鈥� of the claims as they relate to devices operating over its network.

鈥淲e believe that the claims have previously been identified and addressed by Inmarsat and its partners,鈥� Jonathan Sinnatt, an Inmarsat spokesman, writes in an e-mail to the Monitor.聽鈥淚nmarsat is studying the full report in detail and should any new issues be identified, we will act promptly to address them,鈥� he said.

Staff writer Anna Mulrine contributed to this report from Washington.