PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Satellite Communications Hacks Are Real, And They're Terrifying

A researcher at the Black Hat conference in Las Vegas revealed new attacks that can take control of SATCOM devices. Hackers could remotely attack planes, boats, and military tech, sending high-powered transmissions to fry electronics and biological tissue.

Max Eddy
 & Max Eddy Former Lead Security Analyst

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

LAS VEGAS— Where fiber and cell phones can't reach, satellite communications (SATCOM) systems pick up the slack. At the Black Hat security conference in Las Vegas, a security researcher demonstrated that not only are SATCOM systems vulnerable to attack, the consequences could be dire.

Black Hat Bug ArtAt a press conference held a day before his Black Hat presentation, Ruben Santamarta, principal security consultant the security company IOActive, gave a preview of his talk on new SATCOM attacks. At Black Hat 2014, Santamarta showed some proof-of-concept attacks on SATCOM systems. Four years later, his new research proves that these attacks are not merely theoretical.

Attacking SATCOM

Santamarta said his research focused on three main sectors that use SATCOM systems: aviation, maritime, and military. He found that all of these sectors were vulnerable in different ways, and all of his attacks could be executed remotely. While he found potential security breaches in all sectors, but also uncovered specific safety risks for SATCOM use in military and maritime fields.

In the case of aviation SATCOM, Santamarta said he could attack an aircraft in flight from the ground, and could intercept and disrupt non-safety communications, including the onboard public Wi-Fi. While Santamarta stressed that his extensive work with government agencies and aviation companies found no specific safety risk for aviation SATCOM systems, his attacks could be used to compromise security. The digital devices used by the passengers and the crew of the aircraft, for example, could be attacked via the onboard Wi-Fi.

Hacked Wireless Local Area Network Router

In the case of maritime and military SATCOM use, Santamarta discovered vulnerabilities that could actually endanger the lives and wellbeing of people relying on these systems. He could, for instance, alter the antenna position or configure the antenna to use so much power that it compromised navigational systems. The ship's crew and passengers would be left adrift at sea without reliable navigation.

Concerning military SATCOM systems, Santamarta found he could extract the exact GPS coordinates of the antenna to reveal the location of military installations. This poses a clear security and safety risk to military personnel in the field.

Going High-Powered

In his research, Santamarta found he could control not only the position of the SATCOM antennas, but the power of the transmission as well. This meant he could potentially attack the transponders within satellites themselves. This could have drastic earthbound consequences.

"It is possible to use a specific amount of power in the transmission to create a scenario where biological and electrical systems can be affected," Santamarta explained. "This can be used to create burns if [people] are affected by the transmission of the attena."

SATCOM hacks could also cause malfunctions in electrical systems. The principle of the antennas, said Santamarta, was very similar to a microwave oven, hence the possibility of the so-called "cyber-physical attacks" he described.

Because of the sensitive nature of his research, Santamarta and representatives from his employer IOActive stressed the cooperation between themselves, vendors, and relevant government agencies in order to ethically disclose the vulnerabilities. Santamarta said mitigations for these attacks are already in development. However, fixing these problems completelyy could be more challenging. SATCOM devices are expensive and physically attached to vehicles and buildings, making repair or replacement difficult.

Santamarta will provide more details about his attack in an upcoming Black Hat talk, but some details will have to be disclosed over the course of months in order to do so ethically. Keep reading PCMag.com for more coverage from Black Hat 2018.

About Our Expert

Max Eddy

Max Eddy

Former Lead Security Analyst

My Experience

Since my start in 2008, I've covered a wide variety of topics from space missions to fax service reviews. At PCMag, much of my work focused on security and privacy services, as well as a video game or two. I also wrote the occasional security columns, focused on making information security practical for normal people. I helped organize the Ziff Davis Creators Guild union and served as its Unit Chair.

My Areas of Expertise

  • Technology, security, and privacy
  • Security and privacy software, including VPNs
  • Hardware multi-factor authentication keys
  • Open-source software and hardware
  • Election security and disinformation
  • Interpreting infosec research for a wider audience
  • Amateur Myst historian

Read the latest from Max Eddy

Read full bio