In 2014, IOActive researchers revealed security vulnerabilities they found in the most widely deployed satellite communications terminals and presented potential scenarios attackers could exploit once SATCOM systems have been compromised in the aviation, maritime, and military sectors. In 2018, they demonstrated that some of these theoretical scenarios are, unfortunately, still actually possible.
Ruben Santamarta, principal security consultant with IOActive, presented this latest research at this year’s Black Hat conference in Las Vegas, and showed that it’s possible for remote attackers to take control of airborne SATCOM equipment on in-flight commercial aircrafts, earth stations on vessels and those used by the US military in conflict zones.
The many vulnerabilities found include backdoors, insecure protocols, and network misconfigurations.
While for the aviation industry some of these attacks carry just security risks (attacker can intercept, manipulate, or disrupt non-safety communications or move further into other networks), in the maritime and military sectors there are also safety risks.
Read more: Help Net Security