Insecure satellite-based internet poses threat to transport safety

Satellite internet service providers are still vulnerable to attack methods discovered nearly 15 years ago

Hackers can easily snoop on the satellite-based internet "from thousands of miles away, with virtually no risk of detection".

The warning comes from James Pavur, a Rhodes Scholar and DPhil student at Oxford, who presented the findings of his new research [pdf] during an online session at the Black Hat security conference on 5^th August.

According to Pavur, satellite-based Internet is putting millions of people at risk, despite new technologies being adopted in the satellite communications space.

Pavur has been conducting his research for many years, intercepting the signals from satellites beaming Internet data to millions of users in approximately 100 million sq. km. of area. He has intercepted over 4 terabytes of real-world data from the 18 satellites, using a setup that includes a TBS 6983/6903 PCI-e card/DVB-S tuner, a flat-panel dish and a coaxial cable.

Pavur said he could use the set-up to intercept nearly every transmission an ISP sends to a user via satellite.

The research shows that many satellite internet service providers operating today are still vulnerable to attacks that were disclosed by security researchers nearly 15 years ago. Using his inexpensive equipment, Pavur was able to see an encrypted email downloaded by a user or the contents of HTTP sites that user was browsing.

"From home satellite broadband customers, to wind farms, to oil tankers, to aircraft, satellite eavesdropping represents a critical threat to privacy and communications security," Pavur said.

"Beyond eavesdropping, we also demonstrate that, under the right conditions, attackers can even hijack active sessions over the satellite link."

Satellite transmissions are subject to speed-of-light latency effects and packet loss, which can impair the proper functioning of encryption schemes designed for high-reliability terrestrial environments, said Pavur.

As satellites come with limited computing capabilities, any on-board cryptographic operation "risks trading off with other mission functionality," he warned.

Since the start of the year, Pavur has focused his attention on intercepting satellite transmissions sent to planes.

He notes that the use of satellite-based Internet to receive the navigational data puts the crew and passengers at risk of an attack from hackers who could impersonate the aircraft with which the ground station is communicating.

They can also use session hijacking to cause planes to report false locations or fuel levels, incorrect readings for ventilation, heating, and air conditioning systems, or reveal other sensitive information to hackers.

Attackers can also launch denials of service attacks to prevent a plane from receiving data that is crucial to safe operations.