Satellite remote network links may be soft targets for attackers
Land-based terminals that send data to satellites may be a soft target for hackers, an analysis from a computer security firm shows.
Very small aperture terminals (VSAT) supply internet access to remote locations, enabling companies to transmit data from an isolated network to an organisation’s main one. The devices are used in a variety of industries, including energy, financial services and defence.
VSATs face the Internet just does any other server, and the terminals have IP address ranges that can be scanned, which is exactly what security firm IntelCrawler did to get a feel for whether the terminals were vulnerable to attack.
The scan, conducted about three months ago, was benign and merely looked for responses. Depending on the response from the VSAT, cyberinvestigators can, within legal bounds, get an idea of what attacks could open the device up to spying.
“The door might be six inches open, and of course you’re not going go in, but you can see there’s a vulnerability there,” said Dan Clements, IntelCrawler’s president. The company specialises in studying the source of cyberattacks.
It found almost 3 million VSATs, mostly in the US, of which more than 10,000 were “open,” either using default passwords or had open ports, according to an IntelCrawler blog post.
The issues do not appear to be an inherent problem with the VSATs but rather that the devices have been configured insecurely, a common IT security mistake. Some of the VSATs have telnet, a network communication protocol, enabled while others have default factory password settings.
“There’s a lot of information that could be used in a nefarious way,” Clements said. “Certainly you could put together a plan to go after certain grids or dams or power plants and have access to the centralised network at some point.”
One of the largest manufacturers of VSAT is Hughes, a division of EchoStar of Englewood, Colorado, which specialises in satellite and video-delivery services. IntelCrawler found 9,045 open Hughes VSATs.
VSATs from Hughes are used in offsite ATMs, several national central banks, nine out of 10 of Brazil’s largest banks and on 90,000 financial sites in countries from Azerbaijan to Zimbabwe, according to a 2012 report from Comsys, a satellite industry consultancy.
IntelCrawler found 313 open UHP VSAT terminals, made by Romantis Satellite Communications of Berlin, and 1,142 VSATs from SatLink, which is owned by Emerging Market Communications.