Vulnerabilities in certain brands of satellite communications terminals to access GPS data could be used to determine the location of military troops
Some satellite communication terminals used in military deployments in different locations are highly vulnerable to a widespread vulnerability, according enterprise network security investigators. The Department of Defense mentions that it is already working together with its suppliers to solve the flaws.
Enterprise network security experts who discovered the vulnerabilities commented that the terminals could be used to intercept the GPS signals that reveal the location of a satellite terminal and the location of the soldiers who use it.
Satellite terminal antennas use GPS, and sometimes they also rely on instructions from their operators to target the right satellite. Location data is supposed to be visible just for the operator through the management software, but research managers have shown that it is possible to access that management software remotely.
“Part of the data exposure occurred due to incorrect configuration problems. It was not just a problem with the product”, mentioned the enterprise network security experts. “The configuration problem can be repaired. In fact, some of these problems have already been resolved”, reported the Department of Defense spokesman.
Experts in enterprise network security from the International Institute of Cyber Security consider exploiting vulnerability poses a high risk to the troops, but the chances of any hacker to exploit the vulnerability are lower.
The research also suggests that slightly larger satellite terminals, such as those used in maritime operations, can be manipulated against nearby people using radio waves in order to cause pain. “Using a specific amount of energy, it is possible to create a scenario in which the biological tissue is affected, as well as the electronic and electrical systems. This can be used to cause burns or cause failures in electrical systems”, the experts added.
Four years ago, experts in enterprise network security had already revealed widespread problems in satellite communications systems manufactured by the companies Harris, Hughes, Cobham, Thuraya, JRC and Iridium.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.