This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.theguardian.com/technology/2014/apr/17/military-satellite-system-vulnerable-hacking
The article has changed 3 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Crucial military satellite systems are vulnerable to hacking, experts say | Crucial military satellite systems are vulnerable to hacking, experts say |
| (about 3 hours later) | |
| A range of crucial satellite systems | A range of crucial satellite systems |
| manufactured by some of the world’s biggest government contractors contain | manufactured by some of the world’s biggest government contractors contain |
| severe vulnerabilities that could be exploited to disrupt military operations | severe vulnerabilities that could be exploited to disrupt military operations |
| and flight-safety communications, researchers have warned. | and flight-safety communications, researchers have warned. |
| Security consultancy IOActive says it has uncovered various vulnerabilities in software and ground-based satellite systems | Security consultancy IOActive says it has uncovered various vulnerabilities in software and ground-based satellite systems |
| manufactured by British suppliers Cobham and Inmarsat. US firms Harris | manufactured by British suppliers Cobham and Inmarsat. US firms Harris |
| Corporation, Hughes and Iridium were also said to have produced vulnerable kit, | Corporation, Hughes and Iridium were also said to have produced vulnerable kit, |
| alongside Thuraya, a UAE provider, and Japan Radio Company. | alongside Thuraya, a UAE provider, and Japan Radio Company. |
| The Computer Emergency Response Team based | |
| in Carnegie Mellon University, which is sponsored by the Department of | in Carnegie Mellon University, which is sponsored by the Department of |
| Homeland Security, warned about a handful of the vulnerabilities in January. | Homeland Security, warned about a handful of the vulnerabilities in January. |
| But on Wednesday information on more alleged weaknesses was | But on Wednesday information on more alleged weaknesses was |
| released, amid growing concern the contractors are ignoring the threats. The latest report from IOActive suggested there were some easily hackable systems, many of which were designed for keeping aircraft, | released, amid growing concern the contractors are ignoring the threats. The latest report from IOActive suggested there were some easily hackable systems, many of which were designed for keeping aircraft, |
| ships and army personnel safe. | ships and army personnel safe. |
| 'Soldiers could be located, systems disabled' | 'Soldiers could be located, systems disabled' |
| Many of the issues lie in the Broadband Global Area | Many of the issues lie in the Broadband Global Area |
| Network (BGAN) satellite receivers that the manufacturers produce with | Network (BGAN) satellite receivers that the manufacturers produce with |
| Inmarsat, the satellite operator that provided tools vital in helping locate | Inmarsat, the satellite operator that provided tools vital in helping locate |
| the Malaysian passenger plane MH370 that crashed last month. BGAN is designed | the Malaysian passenger plane MH370 that crashed last month. BGAN is designed |
| to provide internet and voice connectivity for remote teams. | to provide internet and voice connectivity for remote teams. |
| The affected Harris BGAN | The affected Harris BGAN |
| satellite terminals are used by the military, including Nato, for tactical | satellite terminals are used by the military, including Nato, for tactical |
| radio communications. Thanks to the vulnerabilities, a hacker could install | radio communications. Thanks to the vulnerabilities, a hacker could install |
| malicious software on the devices to obtain the location of the soldiers using | malicious software on the devices to obtain the location of the soldiers using |
| the kit, or even disable the systems, according to IOActive. | the kit, or even disable the systems, according to IOActive. |
| Cobham produces most | Cobham produces most |
| Inmarsat terminals, a handful of which were found to be vulnerable. Those used | Inmarsat terminals, a handful of which were found to be vulnerable. Those used |
| in shipping, such as the Ship Security Alert System, could be exploited to | in shipping, such as the Ship Security Alert System, could be exploited to |
| prevent vessels detecting | prevent vessels detecting |
| distress messages or direct those containing sensitive cargo on a collision | distress messages or direct those containing sensitive cargo on a collision |
| course, suggested Ruben Santamarta, the IOActive researcher who found the alleged weaknesses. | course, suggested Ruben Santamarta, the IOActive researcher who found the alleged weaknesses. |
| The Cobham Aviator machines could be | The Cobham Aviator machines could be |
| compromised to alter satellite communications, such as the Aircraft | compromised to alter satellite communications, such as the Aircraft |
| Communications Addressing and Reporting System (Acars), used by a plane, he | Communications Addressing and Reporting System (Acars), used by a plane, he |
| added. | added. |
| A 'safety threat for the entire aircraft' | A 'safety threat for the entire aircraft' |
| Acars, which is used to transmit vital | Acars, which is used to transmit vital |
| information such as fuel levels, was initially used to track the movements of the MH370 flight soon after it disappeared, before | information such as fuel levels, was initially used to track the movements of the MH370 flight soon after it disappeared, before |
| Inmarsat stepped in to help. Attacks on the Cobham aircraft systems | Inmarsat stepped in to help. Attacks on the Cobham aircraft systems |
| could “pose a safety threat for the entire aircraft”, IOActive’s advisory read. | could “pose a safety threat for the entire aircraft”, IOActive’s advisory read. |
| Only Iridium had confirmed it was working on | Only Iridium had confirmed it was working on |
| fixes for the vulnerabilities. None of the other manufacturers had responded to | fixes for the vulnerabilities. None of the other manufacturers had responded to |
| contact from the Cert, which had been informed of the issues by IOActive, | |
| Santamarta said. | Santamarta said. |
| Neither Cobham, Inmarsat or Hughes offered a response to repeated requests by the Guardian to comment on the claims of vulnerabilities of their products. | Neither Cobham, Inmarsat or Hughes offered a response to repeated requests by the Guardian to comment on the claims of vulnerabilities of their products. |
| Santamarta was disconcerted by the lack of | Santamarta was disconcerted by the lack of |
| response from the vendors. “Usually you receive a reply or an email. We have | response from the vendors. “Usually you receive a reply or an email. We have |
| been reporting a lot of vulnerabilities in the past. This is the first time | been reporting a lot of vulnerabilities in the past. This is the first time |
| we've seen such behaviour. Usually, you get an email or something to | we've seen such behaviour. Usually, you get an email or something to |
| acknowledge the issue,” Santamarta told the Guardian. | acknowledge the issue,” Santamarta told the Guardian. |
| The manufacturers were warned about the | The manufacturers were warned about the |
| alleged vulnerabilities, some of which, it is claimed, could be exploited with little technical | alleged vulnerabilities, some of which, it is claimed, could be exploited with little technical |
| ability, in late 2013. The flaws are likely to have been present in the | ability, in late 2013. The flaws are likely to have been present in the |
| products for at least two years, added Santamarta. | products for at least two years, added Santamarta. |
| A cabinet office spokesperson provided this statement to the Guardian: "Cert-UK is aware of the report and expects all vendors to work to patch security vulnerabilities they are informed of. It is important that organisations know what technologies they use and check that they are updated regularly in order to receive critical security patches." | A cabinet office spokesperson provided this statement to the Guardian: "Cert-UK is aware of the report and expects all vendors to work to patch security vulnerabilities they are informed of. It is important that organisations know what technologies they use and check that they are updated regularly in order to receive critical security patches." |