Blackhat: Satellite Hack has ICS Connection

Thursday, August 6, 2015 @ 05:08 PM gHale

By Gregory Hale
Globalstar satellite transmissions used to monitor water pipelines and drilling applications for oil and gas can end up compromised to alter messages.

“Hackers can inject data into systems. These are 20-year-old systems built before security was thought of,” said Colby Moore, a security researcher at Synack at Blackhat USA 2015 security conference in Las Vegas Wednesday.

Blackhat: Free, Open Internet Dying
Security Alarms Sounding with Smartwatches
Average DDoS Attack Size on Rise
Confidence, Fear Co-Exist in Security

In these old systems, “there is no encryption and everything is done in plain text,” Moore said. “That may have been the case years ago, but there is no excuse today.”

From oil and gas devices to tracking fleets to consumer products, there are millions of devices deployed, Moore said.

The technique can’t affect control of the Globalstar satellites, just the messages they relay.

The flaw Moore exploited deals with the data protocol and he said it will most likely not end up patched because of the inaccessibility of the satellites and the limitations of the transmitting devices.

The transmitters know where they are via geolocation and transmit that data over the company’s array of satellites and down to ground stations. From there messages are relayed via terrestrial means to the customer out in the oil field or tracking a truck or person.

Using information he gleaned from Federal Communications Commission about the system as well as from product specifications from companies that make component parts for the transmitters, Moore reverse-engineered the protocols they use. Then he injected extra data into the stream being sent to the satellite.

His hack is more of a proof of concept and was able to crack into the system using off-the-shelf equipment costing less than $1,000.

Moore told Globalstar about the issue 180 days ago and didn’t hear back from them until a month later the top engineer wanted to see more information. After Moore sent it, he never heard back from the company.