Join our brand new verified AMN Telegram channel and get important news uncensored!

Flaw in some satellite communication terminals can expose US troops’ location

SOFWERX hosted a Cyber Capability Expo at their newest facility in Tampa, Fla., Oct. 19, 2017. The expo sought to identify novel, new and provocative cyber technologies to meet current and future special operations forces requirements. (U.S. Air Force photo by Master Sgt. Barry Loo)

Some satellite communication terminals that the military uses in forward-deployed locations are highly vulnerable to a pervasive flaw, according to researchers with cybersecurity company IOActive. Company officials say they are already working with the Defense Department and the vendors that produce the buggy equipment. But because some of the terminals are currently with troops at forward operating bases, the researchers declined to name them, due to security concerns.

IOActive researcher Ruben Santamarta uncovered the vulnerability, which he said could be used to intercept GPS downlink signals that reveal the location of a terminal and the soldiers using it.

The terminals’ self-pointing antennas use GPS, and sometimes instructions from their operators, to aim themselves at the right satellite. That location data is supposed to be visible only to the operator, through management software. Santamarta showed he could access that management software remotely.

“Some of the exposure happened because of misconfiguration issues. It was not solely an issue with the product,” John Sheehy, director of strategic service for IOActive said. “The configuration issue is very fixable. We’ve confirmed that some of them have been fixed.”

Santamarta said that while the risk to troops is high, the risk of bad actors actually being able to use the exploit was only medium.

His research also suggests that slightly larger SATCOM terminals, of the sort used in civilian maritime operations, can be manipulated to shoot nearby people with radio waves in order to cause pain. “Using a specific amount of power, it is possible to create a scenario in which biological tissue is affected, [as well as] electronic and electrical systems. This can be used to create burns or provoke malfunctions in electrical system.” He revealed his work at this year’s Black Hat conference in Las Vegas, Nevada.

Four years ago, Santamarta revealed pervasive problems in satcom systems manufactured by Harris, Hughes, Cobham, Thuraya, JRC, and Iridium.


© 2018 By National Journal Group, Inc. All rights reserved.

Distributed by Tribune Content Agency, LLC.