So this is bad. Black Hat, the king of enterprise security conventions just presented some impressive work from Ruben Santamarta of IOActive, whose team has unearthed worrying vulnerabilities in satellite communication systems, aka SATCOM, used by airplanes, ships and military units worldwide.
Now, it’s not catastrophically bad: In particular, while attackers could mess with or disable your in-flight Wi-Fi, conceivably try to hack into devices connected to them and/or disable all in-flight satellite comms, they couldn’t actually affect any systems that control the airplane. The bigger worries are in the military or maritime spheres, because these are remote vulnerabilities — anyone on the internet can hack into a connected vulnerable SATCOM device. Which is to say, presumably most of them, since communication is their whole reason for being.
In the former case, in addition to the risk of attackers modifying or disabling satellite communications, devices with onboard GPS could leak the location of military units. And in both cases, this opens up the prospect of “cyber-physical attacks,” a brilliantly dystopic phrase if ever there was one; basically, if you crank enough power through a satellite antenna, it can radiate energy powerful enough that it affects biological tissue and electrical systems. Same general principle as a microwave oven.
But wait, it gets worse! These are embedded systems. In general there’s no easy way to beam a remote upgrade to them; in some cases the only upgrade is a wholesale replacement. And while there are mitigations (not fixes per se, but approaches that will reduce the severity and likelihood of attacks) for aviation and military SATCOM, maritime systems are … more problematic.
So. Don’t worry too much if you’re not a sailor or a soldier, your airplane won’t plunge or divert because of this … but someone sitting at a computer far away on the ground might be able to take over your in-flight Wi-Fi. Santamarta (who has a history of this kind of thing) and IOActive are working with vendors and unspecified “government agencies” to address these vulnerabilities, but it sounds like, at least on the high seas, this problem is going to be with us for a while.
Disclaimer: This is a reproduced article and the copyright rests with the original author. The views in this article are not from MIUI Resources Team, or MIUI Global Forum. If there is any disagreement, please contact the Forum Management Team to delete it.
In order to fulfill the basic functions of our service, the user hereby agrees to allow Xiaomi to collect, process and use personal information which shall include but not be limited to written threads, pictures, comments, replies in the Mi Community, and relevant data types listed in Xiaomi's Private Policy. By selecting "Agree", you agree to Xiaomi's Private Policy and Content Policy .