HackingMany VSATs operated with no security, leaving them vulnerable to hacking

Very-small-aperture terminals, or VSATs, are used by the oil and gas industry, utilities, financial firms, and news media to transmit information, often sensitive,a from remote locations to headquarters.

A new cybersecurity report by IntelCrawler, a Los Angeles-based cybersecurity firm, says that at least 10,500 VSATs are wide open to being hacked. “We found thousands and thousands of these systems with what are essentially their digital front doors left wide open,” Dan Clements, IntelCrawler’s president, told the Christian Science Monitor. “Someone needs to be aware that there are vulnerabilities here that could affect critical infrastructure, including utilities and financial systems.”

There are more than 2.9 million VSATs in operation around the world, with about two-thirds based in the United States, according to Comsys, a company that catalogs satellite links. IntelCrawler’s report says that many VSAT systems were found to use default passwords or no passwords at all, leaving the terminals vulnerable to even the most basic hackers. System administrators are urged to secure their terminals immediately.

“The fact that one can scan these devices globally and find holes is similar to credit card thieves in the early 2000’s just googling the terms ‘order.txt’ and finding merchant orders with live credit cards,” the report said. “The onus is on the enterprises, governments, and corporations to police themselves.”

The Ministry of Civil Affairs of China and the Ministry of Foreign Affairs of Turkey were discovered to be using VSAT systems which showed “a clear and present danger for hacks,” the report found. The report also found that geolocation data that physically locates the VSATs, is often available. Hackers could use the information along with Google Maps or Google Earth visually to map the physical security and layout of VSAT systems and the complex that houses them. This is critical if the complex were to be a power-grid substation or other critical infrastructure.

The report claims that all single VSAT user type showed vulnerability.

Beyond data theft or compromising critical infrastructure, hacking VSATs could provide cyber criminals an entry point to gain control of actual satellites and networks to which they are connected to. “Vulnerabilities exist at all nodes and links in satellite structure,” said Jason Fritz, an Australian cyber-expert at Bond University in Queensland. “These can be exploited through Internet-connected computer networks, as hackers are more commonly envisioned to do, or through electronic warfare methodologies that more directly manipulate the radio waves of uplinks and downlinks.”

Access to VSATs is not limited to cyber criminals. Nation-states and terrorist organizations are capable of taking advantage of the vulnerabilities exposed in the report.