It sounds like the stuff of sky beams and science fiction because for many years it was. In movies and on TV, satellites are regularly hacked to perform dastardly deeds. But at Black Hat this week, researchers have shown a number of methods of launching real attacks against SATCOM systems. Four years ago, these attacks were merely theoretical proof-of-concepts. Today, at Black Hat 2018, they aren’t.
Ruben Santamarta, principal security consultant the security company IOActive, gave a preview of his upcoming talk on Thursday.
Coming tomorrow at #BlackHat2018 but we got a sneak peek. SATCOM hacking to the next level. Remotely compromising non-critical airplane systems, revealing the location of military bases, and even hijacking the antenna to fry skin and electronics. Deets soon. Watch @PCMag. pic.twitter.com/snHFlk40RK
— Bitter, Tired, and Sweaty (@wmaxeddy) August 8, 2018
PCMag was on hand for the preview. Santamarta focused on three areas of investigation: aviation, maritime, and military. All three proved vulnerable to remote attack in different ways. In aviation, Santamarta was able to attack and disrupt various systems not related to keeping the aircraft flying through the sky. Digital devices carried by both passengers and crew were still vulnerable to attack and could be targeted via onboard Wi-Fi.
The maritime and military applications were more directly threatening. In maritime applications, Santamarta could either alter antenna alignments or increase the amount of power these systems consumed to the point that they began interfering with other electronic equipment. Between antenna alignment access and the ability to compromise navigational systems simply through power draw, a black hat could leave a ship adrift, unable to trust its navigation equipment.
As for military applications, the word there is grim. Santamarta was able to extract the precise GPS coordinates of every antenna he communicated with, posing an obvious danger to the location of anything with a satellite uplink. With control over both the position and the transmission power of the satellites in question, he could theoretically launch attacks against the transponders in the satellites themselves.
“It is possible to use a specific amount of power in the transmission to create a scenario where biological and electrical systems can be affected,” Santamarta explained. “This can be used to create burns if [people] are affected by the transmission of the antenna.”
Mitigation development is already well underway, but completely fixing these flaws could prove extremely difficult. SATCOM devices are often part of a fixed installation and can’t exactly be popped into a trunk for a quick trip down to the IT department.
This is rather obviously sensitive information and Santamarta stressed that he, his employer, and related government agencies had all worked together and cooperated fully in putting together both their report on the vulnerabilities and the public speech to be given at BlackHat. Obviously, certain information will be omitted from the final talk.
AMD’s New Radeon RX 6000 Series Is Optimized to Battle Ampere
AMD unveiled its RX 6000 series today. For the first time since it bought ATI in 2006, there will be some specific advantages to running AMD GPUs in AMD platforms.
MSI’s Nvidia RTX 3070 Gaming X Trio Review: 2080 Ti Performance, Pascal Pricing
Nvidia's new RTX 3070 is a fabulous GPU at a good price, and the MSI RTX 3070 Gaming X Trio shows it off well.
Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption
The Oculus Quest 2 is now available, and it's an improvement over the original in every way that matters. And yet, it's $100 less expensive than the last release. Having spent some time with the Quest 2, I believe we might look back on it as the headset that finally made VR accessible to mainstream consumers.