Back to Squawk list
  • 28

Insecure satellite Internet is threatening ship and plane safety

More than a decade has passed since researchers demonstrated serious privacy and and security holes in satellite-based Internet services. The weaknesses allowed attackers to snoop on and sometimes tamper with data received by millions of users thousands of miles away. You might expect that in 2020—as satellite Internet has grown more popular—providers would have fixed those shortcomings, but you’d be wrong. ( 기타...

Sort type: [Top] [Newest]

Greg S 6
None of the examples listed are *satellite* insecurities. Instead, they are all protocol insecurities. However, just like WiFi, the ease of interception and modification tend to magnify the effect of these weaknesses. So why does the article imply that satellites themselves are the weaknesses? Purely for click-bait purposes.
One of the problems cited is the fact that the flight bag and cabin entertainment system use the same transceiver, which is something that can't be remedied in software. It's neither a inherent weakness in the satellites nor a protocol -- it's a design weakness due to cost-cutting,
mbrews 3
- There is no basis for a claim of " a design weakness due to cost-cutting ".

The researcher can only claim he captured some data traffic for an electronic flight bag.

It's highly plausible that Sheer Laziness simply led some flight crew members to use unsecure airborne wifi service to conduct unencrypted comms with carrier ops. And happened that the transactions become data captured by the academic researcher.

As per my post nearby, the mere ability to snoop SATCOM data does not prove there's an aircraft safety vulnerability.

And what's your remedy to the supposed " design weakness due to cost-cutting " ? Shall we prevent aircrews from using Satcom altogether ? Shall we force them to only use non-satellite methods for datacomm ?

Again, its DEFCON week. Expect many more black hats to be wailing that the sky is falling.
Dubslow 3
If the end services properly encrypted their data before handing it off to the network, then it mostly doesn't matter how insecure the network is, since the network itself only receives encrypted data.

All software requiring network connectivity should assume by default that the network is insecure. This is the exact same thinking as drives the adoption of HTTPS. The S in HTTPS means that your network's security doesn't matter, because before the data even gets to your network card, it's already encrypted. (That relies on the security of the HTTPS protocol itself, and similarly the client software will have issues that way, but it's still better than assuming a safe network.)
Regardless of encryption, if the in-flight entertainment system and the flight deck share a satellite transceiver, it could be possible to execute a denial of service attack or exploit a weakness in the software that runs the transceiver. Networking hardware and protocols get exploited every day.

Anyone who thinks this is theoretical doesn’t fully understand the possible impact.
skylab72 1
Anyone who thinks that defeating the threat is a slam-dunk doesn’t fully understand the infrastructure.
mbrews 3
- This week brings DOZENS of clickbait articles like this, since its DEFCON week. The annual show-and-tell where blackhats and wanna-bees trumpet their latest supposed exploits. Article presents showoffy acaedemic findings, (yes clickbait) but not a legititame aircraft safety issue.

Ability to snoop is NOT a safety issue. Flightaware tarcking functions are largely based on snooping ADS-B radio messages. Google snoops and sells most things folks do on the internet.
zennermd 2
Well then it better gain some confidence! Fast!
skylab72 1
Well... It is a little bit alarming that the price of access to millions of dollars worth of mischief is only $300 dollars and ten years or so of education in some of the more arcane areas of communications science. While it is true that there is no adequate defense against a dedicated terrorist, it would be ill-advised to allow the population of capable terrorists to become too large. Just be aware this particular domain (GPS) has costs embedded in protocol changes others usually do not. I find it comforting to know people are looking at the issue. You may rest assured someone is working on the issue as well. But as always with security issues, it is a foot race. May the good guys win.
D Rotten 1
In a word.....'DUH!'. And it will ALWAYS be like this. ANYTHING is 'hackable'!!! Yet one more reason that I will never set foot on a plane!
skylab72 1
A defeatist attitude is self-defeating. "ANYTHING is hackable" is like saying, "Being born has a 100% mortality rate." Get your head out of the sand and fix a couple of real-world problems YOU have control over. You will feel better.
This is a warning sign (again) of a potential disaster waiting to happen. Our reliance on satellites should make it imperative for operators and the government to develop the means to protect them. While they are at it, our power plants and ground transportation infrastructure are vulnerable to various forms of attack and need similar protections. One would think that having experienced (and are still experiencing) the effects of a viral pandemic, leaders and business and government would get serious about these things and fix them.
If my work can have a secure "corporate" network and an "unsecured" guest/open network, surely the airlines can as well. as others have said, it's not that satellite internet is "unsecured" it's that improperly configured networks are not secure.

1) either have dedicated VPNs installed (one for company coms, avionics, etc) one for guest/pax wi-fi. could probably go to more to keep every type on their dedicated network.

Anyone remember the cars that had internet, and NO SECURITY from hackers. I was surprised to find out that the bare minimum of security was used in planes with wifi.
Hackers kill a Jeep. This is the first link I came up with. There are black boxes that will unlock almost any car with the push of a button. There are videos out there showing how easy it is, and the 'black boxes' are available on the internet.
And virtual Defcon, this week, has a contest to 'hack-a-sat'. Yes, hack a satellite. A satellite IN ORBIT. An actual real satellite. It wouldn't be the first time that a satellite was hacked either. ROSAT was hacked, and its solar panels were burned out, destroying the satellite.

This could be a case of 'pen testing' (penetration testing, testing the safeguards to block hackers) but it goes farther to show malicious people that hacking a satellite IS possible. Coupled with Russia's massive in-orbit presence, the next 'war' will likely be fought in orbit, and everything that we depend on from satellites will be destroyed for generations to come. Some of the first satellites ever launched are still in orbit, so any debris from a 'satellite battle' being hacking, acts of war, or accidental, will be on orbit for decades after, GENERATIONS after.


계정을 가지고 계십니까? 사용자 정의된 기능, 비행 경보 및 더 많은 정보를 위해 지금(무료) 등록하세요!
이 웹 사이트는 쿠키를 사용합니다. 이 웹 사이트를 사용하고 탐색함으로써 귀하는 이러한 쿠기 사용을 수락하는 것입니다.
FlightAware 항공편 추적이 광고로 지원된다는 것을 알고 계셨습니까?
FlightAware.com의 광고를 허용하면 FlightAware를 무료로 유지할 수 있습니다. Flightaware에서는 훌륭한 경험을 제공할 수 있도록 관련성있고 방해되지 않는 광고를 유지하기 위해 열심히 노력하고 있습니다. FlightAware에서 간단히 광고를 허용 하거나 프리미엄 계정을 고려해 보십시오..