Hacking Satellite Tracking Systems for $1000

GlobalStar-Satellite-Tracking-Devices-3-726x400

A security researcher demonstrated how to hack a satellite tracking technology with a $1,000 device made of off the shelf components.

Colby Moore, a security expert from security firm Synack, will present in a talk at the next Black Hat Conference how to hack satellite tracking technology by using a $1,000 device made of off the shelf components.

The possible consequences are serious if we consider that satellite tracking technology is practically used in every industry, including cargo shipment and themilitary.

Moore focused its analysis on GlobalStar systems, the vendor provides satellite tracking devices to its customers that want to track their assets. The GlobalStar satellite tracking devices can also be used to monitor industrial critical infrastructure such as pipelines, or to track hikers and other adventurers who use GlobalStar’s consumer tracker called “Spot.”

GlobalStar Satellite Tracking Devices

Moore will demonstrate that communications between GlobalStar tracker devices and its constellation of satellites is not secure and open to cyber attacks, hackers, in fact, can intercept data transferred and spoof the signal sent to the satellites.

“We’re only at the tip of the iceberg for the implications around this,” Moore told Motherboard. “It’s really critical that these companies start taking security seriously.”

Moore sustain that the company GlobalStar isn’t taking security seriously and it isn’t protecting its customers.

“It’s really critical that these companies start taking security seriously.”

GlobalStar satellite tracking devices are used for various purposes, they can be used to monitor industrial critical infrastructure such as pipelines, or to track adventurers.

Moore pointed out that the entire family of devices provided by GlobalStart relies on the flawed technology, known as the Simplex data network, which is used to transmit data between the tracking devices and the satellites.

The researcher made a reverse engineering of the protocol discovering that it is easy to intercept communication data in transit. Moore has built device composed of a satellite antenna, a software defined radio transceiver, and an amplifier, that allows him to capture data sent by GlobalStar transmitters to the satellites.

GlobalStar Satellite Tracking Devices 2

The device allows attackers to see the position of every satellite tracker, and can even hijack and spoof the data, tricking the trackers and making them believe to be in a different location.

The device cost only around $1,000, Moore plans to release the hardware specifications as well as the code he developed at the Black Hat.

The repercussions on security could be serious, as explained by the MotherBoard.

“For example, a criminal could track a vehicle, say an armored car, for days to learn its regular path. The intercepted data doesn’t reveal what kind of vehicle a tracker is installed on, but regular patterns might give that away—think of a vehicle that constantly goes between banks or diamond shops.” wrote Lorenzo Bicchierai from MotherBoard.

At that point, the criminal could hijack it, disable the satellite transmitter, and use another transmitter to show to the company that the armored car is on its regular track “but in reality you’re hijacking it and taking it somewhere else,” Moore said.

Currently the device is able to track devices in a range of “several miles”, future improvements will allow Moore to extend the range up to 2,000 miles.

“In the future I’ll be able to see 2,000 miles around me for every base station I set up,” explained Moore.

Moore reported the flaws to GlobalStar more than six months ago without receiving any reply.

The bad news for GlobalStar’s customers is that it is likely the firmware on the device could not be updated so the company would have to recall them.

The GlobalStar immediately replied to the claims, a spokesperson for GlobalStar released the following statement via email:

“engineers would know quickly if any person or entity was hacking our system in a material way, and this type of situation has never been an issue to date.”

Moore doesn’t believe the explanation provided by the company’s spokesman.

“Its very possible that GlobalStar does have internal monitoring mechanisms,” he said in an email. “But due to the nature of the flaws I have discovered, I believe it would be impossible to monitor if someone is intercepting data and using it for malicious purposes.“

I can’t wait for the talk …

###

Pierluigi Paganini is Chief Information Security Officer at Bit4Id, firm leader in identity management, member of the ENISA (European Union Agency for Network and Information Security)Treat Landscape Stakeholder Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.