Small Satellite Dish Systems 'Ripe For Hacking'

← Back to Stories (view on slashdot.org)

Small Satellite Dish Systems 'Ripe For Hacking'

Posted by Soulskill on Saturday January 11, 2014 @10:17PM from the will-dish-it-out,-but-can't-take-it dept.

The Walking Dude writes: "According to the CS Monitor, 'Thousands of small satellite dish-based computer systems [VSATs] that transmit often-sensitive data from far flung locations worldwide – oil rigs, ships at sea, banks, and even power grid substations – are at high risk of being hacked, including many in the United States, a new cyber-security report has found.' Dr. Jason Fritz said, 'Vulnerabilities exist at all nodes and links in satellite structure. These can be exploited through Internet-connected computer networks, as hackers are more commonly envisioned to do, or through electronic warfare methodologies that more directly manipulate the radio waves of uplinks and downlinks.'"

44 comments

Min score:

Reason:

Sort:

Wow by Anonymous Coward · 2014-01-11 22:34 · Score: 1

The 'hacking' fud is getting thick lately...
1. Re:Wow by Anonymous Coward · 2014-01-12 20:06 · Score: 0
  
  Exactly my thoughts ..
We'll see by Anonymous Coward · 2014-01-11 22:38 · Score: 2, Interesting

I have a hard time taking anything with the word "cyber" seriously.
1. Re:We'll see by JustOK · 2014-01-11 23:13 · Score: 5, Funny
  
  Offenders should be sent to Cyberia
  
  --
  rewriting history since 2109
2. Re:We'll see by Anonymous Coward · 2014-01-11 23:51 · Score: 5, Funny
  
  to the Googlags
3. Re:We'll see by JustOK · 2014-01-12 01:08 · Score: 1
  
  BING!
  
  --
  rewriting history since 2109
4. Re:We'll see by VortexCortex · 2014-01-12 01:29 · Score: 1
  
  Offenders should be sent to Cyberia
  I whole heartedly agree... Hell, just 30 minutes of that would be punishment enough.
5. Re:We'll see by rmdingler · 2014-01-12 01:38 · Score: 2
  
  Heh heh. Nice.
  Perhaps this is a model we've seen before.
  As each exploit breaches a security vulnerability, the patch makes the security a little better, rinse, repeat... and then before you know it, some headless bureaucrat insists on security considerations as an important development consideration.
  It has been described as an arms race by folks smarter than me, and that means it's a scenario that doesn't suck for future IT employment,
  
  --
  Happiness in intelligent people is the rarest thing I know.
  Ernest Hemingway
6. Re: We'll see by Anonymous Coward · 2014-01-12 01:52 · Score: 0
  
  Hook them up with some Accella and watch them blow their brains out.
7. Re:We'll see by davester666 · 2014-01-12 07:16 · Score: 1
  
  Yahoo! Finally some clear thinking.
  
  --
  Sleep your way to a whiter smile...date a dentist!
8. Re:We'll see by Anonymous Coward · 2014-01-12 13:53 · Score: 0
  
  Great - you guys are out of search engines.
  Alta la Vista, bad puns.
9. Re:We'll see by foobar+bazbot · 2014-01-13 01:45 · Score: 1
  
  Mind if I join this Dogpile?
10. Re:We'll see by Anonymous Coward · 2014-01-13 19:26 · Score: 0
  
  walkimus
Competition. by Anonymous Coward · 2014-01-11 22:47 · Score: 2, Insightful

I don't take computer security seriously any more. Everything's an arms race where the only way to win is not to be important enough for anyone to want to make an effort against you.
If we had a culture based on cooperation rather than competition, we wouldn't have everyone taught and therefore trying to get one up on everyone else.
It's been hundreds of years since humanity has established new societies based on cooperation (no, Marxism-Leninism is nothing of the sort). Let's stop lazily thinking of ourselves and try again, if we're intelligent enough.
1. Re:Competition. by peragrin · 2014-01-12 00:03 · Score: 1
  
  cooperation only works if you are not greedy or jealous.
  computer security needs to be thought of in the beginning. and it never really has been.
  from the protocols on up. security has generally been the last thought of computer programmers.
  
  --
  i thought once I was found, but it was only a dream.
2. Re:Competition. by Anonymous Coward · 2014-01-12 05:41 · Score: 0
  
  I don't take computer security seriously any more. Everything's an arms race where the only way to win is not to be important enough for anyone to want to make an effort against you.
  Maybe this explains Stallman's ongoing campaign to make GNU software as unappealling as possible to the general public: by evangelizing that "free as in freedom" is what's really important, not "free as in beer", and by insisting that Linux be called "the GNU/Linux" system, he's actually just implementing a convoluted security strategy.
Even satellite can be hacked by Taco+Cowboy · 2014-01-11 22:56 · Score: 3, Informative

In the 1990's a communication satellite belonging to China was hacked and the hackers (rumored to be a state-sponsored hacker group) changed the tee vee channels on that satellite to carry anti CCP programs.
Almost 20 years have passed and nobody claimed responsibility over that incident, but it is believed that the hacker group was sponsored by some state (nation) because it does take quite a bit more ooomph in term of beaming power in order to hack into a satellite orbiting the Earth.
As for that particular Chinese communication satellite, China tried to "unhack" that bird but failed. So China took the "Plan B" route - they junked that bird, shut everything on that satellite down and now it's floating up there doing nothing.

--
Muchas Gracias, Señor Edward Snowden !
1. Re:Even satellite can be hacked by Anonymous Coward · 2014-01-12 00:44 · Score: 0
  
  There ya go, reply to a troll to get your post up near the top! Yeah, no one would ever notice that.
2. Re:Even satellite can be hacked by Anonymous Coward · 2014-01-12 01:25 · Score: 0
  
  There ya go, reply to a troll to get your post up near the top! Yeah, no one would ever notice that.
  Even Slashdot can be hacked
Skeptical. by vikingpower · 2014-01-11 23:01 · Score: 1

Although I nearly daily read papers from almost any university in the world, I had never heard of Bond "university". Which Bond is this - James Bond ?
On a more serious note, though: "IntelCrawler" does not ring a bell, either. The only somewhat creditworthy title being cited is csmonitor. For the moment I am writing TFA off as hype-generation and FUD. I would love to be proved wrong, however.

--
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
1. Re:Skeptical. by Anonymous Coward · 2014-01-11 23:23 · Score: 0
  
  Although I nearly daily read papers from almost any university in the world, I had never heard of Bond "university". Which Bond is this - James Bond ?
  
  Bond University, Bringing ambition to life
2. Re:Skeptical. by maxwell+demon · 2014-01-12 00:08 · Score: 1
  
  Maybe they refer to this Bond?
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
3. Re:Skeptical. by Anonymous Coward · 2014-01-12 00:10 · Score: 0
  
  No, that would be Alan Bond, who like James is interested in expensive yachts and diamonds, but unlike James was put into prison because he (allegedly) likes to manipulate shareholders and business partners instead of women.
4. Re:Skeptical. by dbIII · 2014-01-12 02:02 · Score: 1
  
  Which Bond is this - James Bond
  Alan Bond initially put up the finance for that private University. It's probably the third biggest University in the state of Queensland and has a decent reputation in CS. Being located in a city built around tourism it attracts a few conferences.
  
  As for the person it was named after - somehow Alan Bond managed to go broke selling beer to Australians.
... are at high risk of being hacked... by Anonymous Coward · 2014-01-11 23:05 · Score: 0

Fucking NSA.
No surprise by Anonymous Coward · 2014-01-11 23:27 · Score: 3, Insightful

All software is shit, all hardware too. We've long abandoned a development model that is focused on correctness. It has been features, features, features for decades. So what do you expect? Of course everything's ripe to be hacked. We had a choice.
1. Re:No surprise by Anonymous Coward · 2014-01-12 00:32 · Score: 2, Insightful
  
  "Abandoned" implies that this used to exist. Look at FTP, horrifically complex protocol that handles a lot of what we use load balancers to do today with zero security. The good old days weren't quite as good as we remember them to be.
2. Re:No surprise by toshikodo · 2014-01-12 00:49 · Score: 2
  
  I disagree, we never had a choice to do anything other than build these systems with their bugs. I know because I was there back in the dawn of remote digital telemetry systems. We had enough issues with just getting the stuff out of the door on time and to budget (and usually failed on both counts). Development models such UML & quality standards like ISO9001 just didn't exist back then.
  
  We we pioneers, not engineers.
  
  The real problem here is with the CEOs of the corporations that use this old tech. They won't do anything about it until they are forced to, either because some hacker causes the sort of damage that results in multi-million dollar law suits, or (and this is much less likely) the legislators force them to do something about it.
  
  --
  No volcanos here
3. Re:No surprise by KingOfBLASH · 2014-01-12 01:41 · Score: 3, Insightful
  
  Most locks can be picked with a lock pick
  Many cars can be compromised with a screwdriver and thin piece of metal to open them.
  Many anti-shoplifting devices can be disabled if you know how.
  The list goes on.
  True security costs money and effort. A LOT of it.
  For most applications, as a society, we err on the side of too little security (and accept the small chance that security will be compromised, because it's not an issue).
  This is because, historically, security issues have been quite local. People don't steal enough in most neighborhoods to justify putting bars on your windows. People don't shoplift enough to justify a full cavity search of anyone entering or exiting a department store.
  Technology is of course changing all of that. Before, if we know there is a 1 in a million chance of a bad guy in the population, most small communities were not afraid. Now, it is possible for a single determined hacker to do all kinds of crazy things. That's where people have not caught up, and in the future we will have to start making choices with regards to whether we want to expend the resources for true security. And we might do it if there are enough incidents to justify it -- but perhaps not before.
4. Re:No surprise by Anonymous Coward · 2014-01-12 05:52 · Score: 0
  
  A banal, foul statement like this is deemed "Insightful" here? Maybe that's because it wasn't Interesting or Funny. Just a theory.
Sat tracking by spacefight · 2014-01-11 23:28 · Score: 2

And nowadays we know that sat tracking is easy these days thanks to various free and open software/hardware around.

If you can spare some minutes on a lazy Sunday, watch Travis Goodspeeds Talk on 30C3 from a couple of weeks ago.

http://www.youtube.com/watch?v=ktnQ7nBCuqU
1. Re:Sat tracking by megabeck42 · 2014-01-12 00:43 · Score: 1
  
  Can't you just download the keplerian elements from NORAD and use gpredict? Actually, doesn't gpredict automate that for you? I don't think you need any special hardware, just an accurate clock.
  
  --
  fnord.
2. Re:Sat tracking by spacefight · 2014-01-12 04:19 · Score: 1
  
  I think if you want to track the a bit more convienient, you need a motorized dish.
CRACKING... by Anonymous Coward · 2014-01-11 23:35 · Score: 0

!= Hacking, /.
1. Re:CRACKING... by Sinus0idal · 2014-01-11 23:48 · Score: 1, Insightful
  
  Sorry but these days it does, that battle is lost. The common lexicon doesn't wait around for the old school.
Misleading headline. by 140Mandak262Jamuna · 2014-01-12 01:24 · Score: 1

The headline is strangely construed to convey a false sense of security that large satellite dish systems are not ripe for hacking. All systems are no stronger than their weakest (back) door.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
captain midnight hacked HBO years ago by Joe_Dragon · 2014-01-12 05:15 · Score: 2

GOODEVENING HBO
FROM CAPTAIN MIDNIGHT
$12.95/MONTH ?
NO WAY !
[SHOWTIME/MOVIE CHANNEL BEWARE!]
1. Re:captain midnight hacked HBO years ago by Anonymous Coward · 2014-01-12 15:21 · Score: 0
  
  no im pretty sure it was the reverse the cable companies are the ones who got free satellite shut down back in the 70s because it was cutting in on the profits and people were just running thier own rigs point blank in the clear. if your really dedicated you can still pull video only through video cipher II and audio via an F card emulator and if you have some form of video accumlation device you can sync the 2 and have some hodge podge ass hack system still, now that i said that im sure Direct and dish will go on a sue-a-thon like they did back in the late 90s.
IP addresses for the open sites by netwiz · 2014-01-12 06:33 · Score: 1

Anyone notice that he "hidden" or blanked out addresses were still listed in clear text just below the erased entries, albeit in slightly smaller text? Best part is they still let you see the protocol types the sites responded to. Telnet for the win, are they serious?
Residential dishes? by antdude · 2014-01-12 11:45 · Score: 1

Are you saying we can hack our residential TV dishes like from Dish, DirecTV, etc.?

--
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
You won't get hacked running Hughesnet by Anonymous Coward · 2014-01-12 15:02 · Score: 0

If a hacker gets into a box on a Hughesnet, He'll notice the 1200 millisecond ping times and 64 Kbps upstream bandwidth and say "Ewww! Hughesnet!" then promptly logout and never return again.
More susceptible to DDoS attacks? No. by kriston · 2014-01-13 09:05 · Score: 1

Aside from the attack in the article, one might think that VSAT terminals are much more susceptible to DDoS attacks because of their limited bandwidth and the carrier's Fair Access Policy. One might assume that pretty much anyone who wanted to could just send data to the IP address of one and The FAP will restrict the throughput.
The thing is, the commercial VSAT providers have already thought of this. Each terminal is on a private network behind a NAT already, even if you're not using the software proxy accelerator. Incidentally, modern terminals already have the network accelerator built into the VSAT modem, but regardless of this most VSAT terminals are on private networks and can't be reached directly.
Back to the article, the uplink exploit is well-known and several decades old, as another poster reminds us of the 1980 Captain Midnight incident. Even in this case, the best you can do is deny service, and you'll eventually be caught doing it.
At the earth station you're not going to be stealing any data, as it's encrypted on the way down and you're not going to be breaking into the facility.
You're not likely to find them by scanning networks, either, as mentioned earlier most VSAT terminals are on private networks. Even if you were to reach the terminal directly the management port isn't reachable from the outside world, just the private network of the VSAT operator.
The article is an interesting bit of speculation, and has the obligatory mentions of Afhanistan, SCADA, and the SHODAN search engine.

--
Kriston