The threat of spread spectrum satcom hacking is here

Aug 6, 2015 11:19 GMT

Yesterday, at the Black Hat USA 2015 conference in Las Vegas, Colby Moore, Synack's Manager of Special Activities, detailed a method of hacking the GlobalStar satellite network.

Mr. Moore set out to find security flaws in the communication protocol used by the satellites, and he found them: he was able to intercept and spoof received messages.

His research focused only on the GlobalStar network, a low Earth orbit satellite system used mainly for satellite phones, GPS devices, and low-speed data communications.

The hacking rig required only a $1,000 investment

According to a statement given to The Register, Mr. Moore achieved all of this using modest technical skills and a rig worth around $1,000 / €915.

The people in attendance for Mr. Moore's session were taken through a step-by-step process of breaking down GlobalStar's simplex satcom protocol, and then using the results to "intercept, spoof, falsify, and intelligently jam communications" of SPOT asset tracking solutions.

SPOT is a GPS tracking device that provides text messaging and GPS tracking, using the Globalstar satellite network.

Attackers could easily weaponize the vulnerabilities to trigger mass panic

Mr. Moore also presented how the same GlobalStar protocol, which is used in GPS-powered locator beacons, "could be used to induce panic by simulating a large scale disaster and significantly disrupt a core emergency response service."

All of this was possible due to GlobalStar's lack of encryption in its communications protocol, along with other issues, which led the security researcher to conclude that "due to design tradeoffs these vulnerabilities are realistically unpatchable and put millions of devices, critical infrastructure, emergency services, and high value assets at risk."

GlobalStar was notified by Mr. Moore, and has responded via The Register with the following statement:

"Our engineers would know quickly if any person or entity was hacking our system in a material way and this type of situation has never been an issue to date. We are in the business of saving lives daily and will continue to optimize our offerings for security concerns and immediately address any illegal actions taken against our company."

For all you tech geeks, a more technical presentation can be read online.

UPDATE: After publishing our story on Mr. Moore's presentation, we were contacted by a GlobalStar representative who offered us the company's official response on this issue.

Read Globalstar's Response