Security researcher: Globalstar GPS at risk of hackers

1 Aug 2015 | Author: | No comments yet »

Globalstar GPS network (allegedly) vulnerable to hackers.

Researcher Colby Moore will be presenting findings related to a security issue with the Globalstar satellite network at Black Hat in Las Vegas next week. Taking advantage of this flaw, criminal hackers could track and hijack valuable cargo, such as military supplies or cash and gold stored in an armored car, according to Colby Moore, a researcher at security firm Synack, who plans to show off his findings at the upcoming Black Hat security conference. Seems to be a scene taken directly from the thriller movie, ‘Furious 7′ which recently hit the theaters; however these incidents are occurring in real life due to the vulnerabilities in the asset tracking system of valuable shipments and assets which is being exploited by the hackers.

Moore claims that the communications between trackers sold by GlobalStar and its constellation of satellites is insecure, allowing pretty much anyone to intercept it and even send its own spoofed signal to the satellites. This flaw, according to Moore, shows that satellite companies like GlobalStar aren’t taking basic steps to make their technologies secure. “We’re only at the tip of the iceberg for the implications around this,” Moore told Motherboard in a phone interview. “It’s really critical that these companies start taking security seriously.” GlobalStar markets its satellite tracking devices to corporations and government agencies that want to track their valuable assets. Globalstar’s satellite network used by GPS devices reportedly does not encrypt device data being transmitted, instead transmitting with it a bunch of “inconsequential data” while changing frequencies to, in essence, muddy the waters. Moore feels that there could be another possibility wherein hackers could also succeed in confusing the companies and military monitoring check points by feeding wrong coordinates which could result in chaos and ultimately make them believe that their shipment has been hijacked.

It’s also used in people-tracking systems for search-and-rescue missions and in SCADA environments to monitor high-tech engineering projects like pipelines and oil rigs to determine, for example, if valves are open or closed in areas where phone, cellular, and Internet service don’t exist. Said Moore, “I ended up figuring out how to decode the data in transit.” This is part of a larger alleged architectural issue in which the network does not ensure that data is coming from the devices from which it claims to originate. Using a device like this, Moore said, anyone can see where these trackers are, and can even hijack and spoof the data to make it look like they’re somewhere else to whoever is tracking them.

The tracking systems consist of devices about the size of a hand that are attached to a shipping container, vehicle or equipment and communicate with Globalstar’s low Earth-orbiting satellites by sending them latitude and longitude coordinates or, in the case of SCADA systems, information about their operation. This flaw is said to be very difficult or possible impossible to patch, and the existing vulnerability leaves data open for interception and attack from any number of entities: government agencies and spies, hackers, organized crime units, and more, who could get a glimpse of what is going on and where. A 2003 article about the technology, for example, indicated that the asset trackers could be configured to monitor and trigger an alert when certain events occurred such as the temperature rising above a safe level in a container or the lock on a container being opened. The intercepted data doesn’t reveal what kind of vehicle a tracker is installed on, but regular patterns might give that away—think of a vehicle that constantly goes between banks or diamond shops.

The satellites relay this information to ground stations, which in turn transmit the data via the Internet or phone networks to the customer’s computers. At that point the criminal could hijack it, disable the satellite transmitter, and use another transmitter to show to the company that the armored car is on its regular track—“but in reality you’re hijacking it and taking it somewhere else,” Moore said.

In the future, however, Moore said he plans to continue his research and try to intercept the data transmission from the satellite back down to Earth, as well as use the device from a plane, which should increase his range. Another most important hitch in the system is that Globalstar it uses ‘Simplex data network’ which does not use encrypted method of communication. Globalstar has more than four dozen satellites in space, and it’s considered one of the largest providers of satellite voice and data communications in the world. Additionally, its satellite asset-tracking systems—such as the SmartOne, SmartOne B, and SmartOne C—provide service to a wide swath of industry, including oil and gas, mining, forestry, commercial fishing, utilities, and the military. A spokesperson for GlobalStar dismissed Moore’s research, saying in an email statement that the company “engineers would know quickly if any person or entity was hacking our system in a material way, and this type of situation has never been an issue to date.” The spokesperson, however, did not answer a series of specific questions, such as how its engineers are actually able to “detect hacking” the systems, or whether and how they plan to patch this flaw.

The way Globalstar engineered the platform leaves security up to the end integrator, and so far, no one has implemented security.” In the commonly used asset tracker of Globalstar, the Simplex data transmissions are usually one-way wherein data is transmitted from device -satellite – ground station. Moore says its been around six months that he informed Globalstar regarding the vulnerabilities; however it seems the company has not carried out any steps to fix these vulnerabilities. Moore adds that Globalstar would need to take serious action for which they might have to re-architect the entire protocol for the tracker-satellite-ground station communication with the appropriate addition of encryption and authentication. In addition to asset-tracking, Globalstar produces a personal tracking system known as the SPOT Satellite Messenger for hikers, sailors, pilots and others who travel in remote areas where cell coverage might not be available so that emergency service personnel can find them if they become lost or separated from their vehicle. He also thinks the problem may not be unique to Globalstar trackers. “I would expect to see similar vulnerabilities in other systems if we were to look at them further,” he says.

The Simplex network uses a secret code to encode all data sent through it, but Moore was able to easily reverse-engineer it to determine how messages get encoded in order to craft his own. “The secret codes are not generated on the fly and are not unique. Moore spent about $1,000 in hardware to build a transceiver to intercept data from the tracking devices he purchased and an additional $300 in software and hardware for analyzing the data and mimicking a tracking device.

But an attacker could also just set up a receiver in an area where valuable shipments are expected to pass and track the assets as they move. “I put this on a tower on a large building and all the locations of devices [in the area] are being monitored,” Moore says. “Can I find a diamond shipment or a nuclear shipment that it can track?” It’s unclear how the military is using Globalstar’s asset-tracking devices, but conceivably if they’re being used in war zones, the vulnerabilities Moore uncovered could be used by adversaries to track supplies and convoys and aim missiles at them. Often the unique IDs on devices are sequential, so if a commercial or military customer owns numerous devices for tracking assets, an attacker would be able to determine other device IDs, and assets, that belong to the same company or military based on similar ID numbers. He believes that the hijackers would identify any shipment containing valuable cargo by intercepting the satellite signals and thus track the movement of the expensive cargo and transmit spoofed data. Thus the hijacker would just need to know this ID and then they can easily target the particular shipment and exploit the communication vulnerability.

Here you can write a commentary on the recording "Security researcher: Globalstar GPS at risk of hackers".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site