Insecure satellite Internet is threatening ship and plane safety
More than a decade has passed since researchers demonstrated serious privacy and security holes in satellite-based Internet services. The weaknesses allowed attackers to snoop on and sometimes tamper with data received by millions of users thousands of miles away. You might expect that in 2020—as satellite Internet has grown more popular—providers would have fixed those shortcomings, but you’d be wrong. (arstechnica.com)
None of the examples listed are *satellite* insecurities. Instead, they are all protocol insecurities. However, just like WiFi, the ease of interception and modification tends to magnify the effect of these weaknesses. So why does the article imply that satellites themselves are the weaknesses? Purely for click-bait purposes.
One of the problems cited is the fact that the flight bag and cabin entertainment system use the same transceiver, which is something that can't be remedied in software. It's neither an inherent weakness in the satellites nor a protocol -- it's a design weakness due to cost-cutting.
- There is no basis for a claim of "a design weakness due to cost-cutting".
The researcher can only claim he captured some data traffic for an electronic flight bag.
It's highly plausible that Sheer Laziness simply led some flight crew members to use unsecure airborne wifi service to conduct unencrypted comms with carrier ops. And it happened that the transactions became data captured by the academic researcher.
As per my post nearby, the mere ability to snoop SATCOM data does not prove there's an aircraft safety vulnerability.
And what's your remedy to the supposed "design weakness due to cost-cutting"? Shall we prevent aircrews from using Satcom altogether? Shall we force them to only use non-satellite methods for datacomm?
Again, it's DEFCON week. Expect many more black hats to be wailing that the sky is falling.
If the end services properly encrypted their data before handing it off to the network, then it mostly doesn't matter how insecure the network is, since the network itself only receives encrypted data.
All software requiring network connectivity should assume by default that the network is insecure. This is the exact same thinking as drives the adoption of HTTPS. The S in HTTPS means that your network's security doesn't matter, because before the data even gets to your network card, it's already encrypted. (That relies on the security of the HTTPS protocol itself, and similarly the client software will have issues that way, but it's still better than assuming a safe network.)
Regardless of encryption, if the in-flight entertainment system and the flight deck share a satellite transceiver, it could be possible to execute a denial of service attack or exploit a weakness in the software that runs the transceiver. Networking hardware and protocols get exploited every day.
Anyone who thinks this is theoretical doesn’t fully understand the possible impact.
Anyone who thinks that defeating the threat is a slam-dunk doesn’t fully understand the infrastructure.
- This week brings DOZENS of clickbait articles like this, since it's DEFCON week. The annual show-and-tell where blackhats and wannabes trumpet their latest supposed exploits. Article presents showoffy academic findings (yes clickbait), but not a legitimate aircraft safety issue.
Ability to snoop is NOT a safety issue. FlightAware tracking functions are largely based on snooping ADS-B radio messages. Google snoops and sells most things folks do on the internet.