This $1,000 Device Lets Hackers Hijack Satellite Communications
Taking advantage of a flaw in a popular satellite tracking technology, hackers could track and steal valuable cargo.
A satellite tracking technology can be easily hacked with the help of a $1,000 device made of off the shelf components, according to a security researcher who found a flaw in the technology.
Taking advantage of this flaw, criminal hackers could track and hijack valuable cargo, such as military supplies or cash and gold stored in an armored car, according to Colby Moore, a researcher at security firm Synack, who plans to show off his findings at the upcoming Black Hat security conference.
Moore claims that the communications between trackers sold by GlobalStar and its constellation of satellites is insecure, allowing pretty much anyone to intercept it and even send its own spoofed signal to the satellites. This flaw, according to Moore, shows that satellite companies like GlobalStar aren't taking basic steps to make their technologies secure.
"We're only at the tip of the iceberg for the implications around this," Moore told Motherboard in a phone interview. "It's really critical that these companies start taking security seriously."
"It's really critical that these companies start taking security seriously."
GlobalStar markets its satellite tracking devices to corporations and government agencies that want to track their valuable assets. They can also be used to monitor industrial critical infrastructure such as pipelines, or to track hikers and other adventurers who use GlobalStar's consumer tracker called "Spot."
All these devices, according to Moore, depend on the same, flawed technology, known as the Simplex data network, which is used to send data between the transmitters and the satellites.
More said he was able to reverse engineer the protocol underlying the network and find that all these devices use the same code to transmit data, making it "very easy' to intercept data flowing from the devices to the satellites.
Moore has created a medium-sized device made of a satellite antenna, a software defined radio transceiver (a device that can beam or pick up frequencies using software instead of hardware), and an amplifier, that allows him to intercept data sent by GlobalStar transmitters to the satellites. Using a device like this, Moore said, anyone can see where these trackers are, and can even hijack and spoof the data to make it look like they're somewhere else to whoever is tracking them.
For example, a criminal could track a vehicle, say an armored car, for days to learn its regular path. The intercepted data doesn't reveal what kind of vehicle a tracker is installed on, but regular patterns might give that away—think of a vehicle that constantly goes between banks or diamond shops.
A criminal could track a vehicle, say an armored car, for days to learn its regular path.
At that point the criminal could hijack it, disable the satellite transmitter, and use another transmitter to show to the company that the armored car is on its regular track—"but in reality you're hijacking it and taking it somewhere else," Moore said.
Moore said he can see "several miles" around the device he created, depending on how high he can place it. In the future, however, Moore said he plans to continue his research and try to intercept the data transmission from the satellite back down to Earth, as well as use the device from a plane, which should increase his range.
"In the future I'll be able to see 2,000 miles around me for every base station I set up," he said.
The device cost him only around $1,000 and he plans to release the hardware specifications as well as the code underlying it Black Hat in Las Vegas next week, so that other hackers can find flaws and help GlobalStar, as well as similar companies, to improve the security of their products.
In this case, however, Moore isn't very optimistic. GlobalStar's tracking devices are engineered in a way that makes it "unrealistic" to think they can be patched, according to Moore, given that they don't accept firmware updates. In other words, GlobalStar would have to recall them and make new ones to really fix this flaw, Moore said.
"They could adapt, but they'll never totally be fixed," Moore said.
A spokesperson for GlobalStar dismissed Moore's research, saying in an email statement that the company "engineers would know quickly if any person or entity was hacking our system in a material way, and this type of situation has never been an issue to date."
The spokesperson, however, did not answer a series of specific questions, such as how its engineers are actually able to "detect hacking" the systems, or whether and how they plan to patch this flaw. Moore said he alerted the company of the flaw more than six months ago, and after a brief exchange, he "never heard back" from them.
"I believe it would be impossible to monitor if someone is intercepting data and using it for malicious purposes."
I showed Moore GlobalStar's response, and while he said that he hopes that the company's statement is true, he was skeptical.
"Its very possible that GlobalStar does have internal monitoring mechanisms," he said in an email. "But due to the nature of the flaws I have discovered, I believe it would be impossible to monitor if someone is intercepting data and using it for malicious purposes."
Moore hopes that his presentation will spark more interest in satellite hacking, and help improve technologies that sometimes were designed a long time ago.
"These things were built in the 80s and 90s," Moore said. "No one has taken a look at the security of any of these systems."