Back to Squawk list
  • 28

Insecure satellite Internet is threatening ship and plane safety

Übermittelt
 
More than a decade has passed since researchers demonstrated serious privacy and and security holes in satellite-based Internet services. The weaknesses allowed attackers to snoop on and sometimes tamper with data received by millions of users thousands of miles away. You might expect that in 2020—as satellite Internet has grown more popular—providers would have fixed those shortcomings, but you’d be wrong. (arstechnica.com) Mehr...

Sort type: [Top] [Newest]


ghstark
Greg S 6
None of the examples listed are *satellite* insecurities. Instead, they are all protocol insecurities. However, just like WiFi, the ease of interception and modification tend to magnify the effect of these weaknesses. So why does the article imply that satellites themselves are the weaknesses? Purely for click-bait purposes.
TorstenHoff
Torsten Hoff 3
One of the problems cited is the fact that the flight bag and cabin entertainment system use the same transceiver, which is something that can't be remedied in software. It's neither a inherent weakness in the satellites nor a protocol -- it's a design weakness due to cost-cutting,
mbrews
mbrews 3
- There is no basis for a claim of " a design weakness due to cost-cutting ".

The researcher can only claim he captured some data traffic for an electronic flight bag.

It's highly plausible that Sheer Laziness simply led some flight crew members to use unsecure airborne wifi service to conduct unencrypted comms with carrier ops. And happened that the transactions become data captured by the academic researcher.

As per my post nearby, the mere ability to snoop SATCOM data does not prove there's an aircraft safety vulnerability.

And what's your remedy to the supposed " design weakness due to cost-cutting " ? Shall we prevent aircrews from using Satcom altogether ? Shall we force them to only use non-satellite methods for datacomm ?

Again, its DEFCON week. Expect many more black hats to be wailing that the sky is falling.
Dubslow
Dubslow 3
If the end services properly encrypted their data before handing it off to the network, then it mostly doesn't matter how insecure the network is, since the network itself only receives encrypted data.

All software requiring network connectivity should assume by default that the network is insecure. This is the exact same thinking as drives the adoption of HTTPS. The S in HTTPS means that your network's security doesn't matter, because before the data even gets to your network card, it's already encrypted. (That relies on the security of the HTTPS protocol itself, and similarly the client software will have issues that way, but it's still better than assuming a safe network.)
TorstenHoff
Torsten Hoff 1
Regardless of encryption, if the in-flight entertainment system and the flight deck share a satellite transceiver, it could be possible to execute a denial of service attack or exploit a weakness in the software that runs the transceiver. Networking hardware and protocols get exploited every day.

Anyone who thinks this is theoretical doesn’t fully understand the possible impact.

skylab72
skylab72 1
Anyone who thinks that defeating the threat is a slam-dunk doesn’t fully understand the infrastructure.
mbrews
mbrews 3
- This week brings DOZENS of clickbait articles like this, since its DEFCON week. The annual show-and-tell where blackhats and wanna-bees trumpet their latest supposed exploits. Article presents showoffy acaedemic findings, (yes clickbait) but not a legititame aircraft safety issue.

Ability to snoop is NOT a safety issue. Flightaware tarcking functions are largely based on snooping ADS-B radio messages. Google snoops and sells most things folks do on the internet.
zennermd
zennermd 2
Well then it better gain some confidence! Fast!
skylab72
skylab72 1
Well... It is a little bit alarming that the price of access to millions of dollars worth of mischief is only $300 dollars and ten years or so of education in some of the more arcane areas of communications science. While it is true that there is no adequate defense against a dedicated terrorist, it would be ill-advised to allow the population of capable terrorists to become too large. Just be aware this particular domain (GPS) has costs embedded in protocol changes others usually do not. I find it comforting to know people are looking at the issue. You may rest assured someone is working on the issue as well. But as always with security issues, it is a foot race. May the good guys win.
DRotten
D Rotten 1
In a word.....'DUH!'. And it will ALWAYS be like this. ANYTHING is 'hackable'!!! Yet one more reason that I will never set foot on a plane!
skylab72
skylab72 1
A defeatist attitude is self-defeating. "ANYTHING is hackable" is like saying, "Being born has a 100% mortality rate." Get your head out of the sand and fix a couple of real-world problems YOU have control over. You will feel better.
PlainSpeaking
Brent Bahler -1
This is a warning sign (again) of a potential disaster waiting to happen. Our reliance on satellites should make it imperative for operators and the government to develop the means to protect them. While they are at it, our power plants and ground transportation infrastructure are vulnerable to various forms of attack and need similar protections. One would think that having experienced (and are still experiencing) the effects of a viral pandemic, leaders and business and government would get serious about these things and fix them.
PSUAth
If my work can have a secure "corporate" network and an "unsecured" guest/open network, surely the airlines can as well. as others have said, it's not that satellite internet is "unsecured" it's that improperly configured networks are not secure.

1) either have dedicated VPNs installed (one for company coms, avionics, etc) one for guest/pax wi-fi. could probably go to more to keep every type on their dedicated network.
Quirkyfrog
Robert Cowling -1
Anyone remember the cars that had internet, and NO SECURITY from hackers. I was surprised to find out that the bare minimum of security was used in planes with wifi.
Quirkyfrog
Robert Cowling -2
Hackers kill a Jeep. This is the first link I came up with. There are black boxes that will unlock almost any car with the push of a button. There are videos out there showing how easy it is, and the 'black boxes' are available on the internet.

https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Quirkyfrog
Robert Cowling -1
And virtual Defcon, this week, has a contest to 'hack-a-sat'. Yes, hack a satellite. A satellite IN ORBIT. An actual real satellite. It wouldn't be the first time that a satellite was hacked either. ROSAT was hacked, and its solar panels were burned out, destroying the satellite.

This could be a case of 'pen testing' (penetration testing, testing the safeguards to block hackers) but it goes farther to show malicious people that hacking a satellite IS possible. Coupled with Russia's massive in-orbit presence, the next 'war' will likely be fought in orbit, and everything that we depend on from satellites will be destroyed for generations to come. Some of the first satellites ever launched are still in orbit, so any debris from a 'satellite battle' being hacking, acts of war, or accidental, will be on orbit for decades after, GENERATIONS after.

Anmelden

Haben Sie kein Konto? Jetzt (kostenlos) registrieren für kundenspezifische Funktionen, Flugbenachrichtigungen und vieles mehr!
Wussten Sie schon, dass die Flugverfolgung auf FlightAware durch Werbung finanziert wird?
Sie können uns dabei helfen, FlightAware weiterhin kostenlos anzubieten, indem Sie Werbung auf FlightAware.com zulassen. Wir engagieren uns dafür, dass unsere Werbung auch in Zukunft zweckmäßig und unaufdringlich ist und Sie beim Surfen nicht stört. Das Erstellen einer Positivliste für Anzeigen auf FlightAware geht schnell und unkompliziert. Alternativ können Sie sich auch für eines unserer Premium-Benutzerkonten entscheiden..
Schließen