Slashdot: News for Nerds

Small Satellite Dish Systems 'Ripe For Hacking'

Soulskill posted about 7 months ago | from the will-dish-it-out,-but-can't-take-it dept.

Security 44

The Walking Dude writes: "According to the CS Monitor, 'Thousands of small satellite dish-based computer systems [VSATs] that transmit often-sensitive data from far flung locations worldwide – oil rigs, ships at sea, banks, and even power grid substations – are at high risk of being hacked, including many in the United States, a new cyber-security report has found.' Dr. Jason Fritz said, 'Vulnerabilities exist at all nodes and links in satellite structure. These can be exploited through Internet-connected computer networks, as hackers are more commonly envisioned to do, or through electronic warfare methodologies that more directly manipulate the radio waves of uplinks and downlinks.'"


44 comments

#BadBIOS - BIOS Malware (-1, Offtopic)

Anonymous Coward | about 7 months ago | (#45931099)

#BadBIOS - BIOS Malware

        #

        - Copernicus: Question Your Assumptions about BIOS Security

        http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about [mitre.org]

        - "Seems to have a BIOS hypervisor, SDR functionality that bridges air gaps, wifi card removed."

        https://twitter.com/dragosr/status/388512915742937089 [twitter.com]

        =

        - #BadBIOS

        https://twitter.com/search?q=%23BadBIOS [twitter.com]

        =

        - "More on my ongoing chase of #badBIOS malware."

        https://plus.google.com/103470457057356043365/posts/9fyh5R9v2Ga [google.com]
        https://plus.google.com/103470457057356043365 [google.com]

        =

        - Nobody Seems To Notice and Nobody Seems To Care: Government & Stealth Malware

        http://slexy.org/view/s2otvoDuKW [slexy.org]

        =

        - Gpu based paravirtualization rootkit, all os vulne

        http://forum.sysinternals.com/gpu-based-paravirtualization-rootkit-all-os-vulne_topic26706.html [sysinternals.com]

        =

        - #badBIOS (and lotsa paranoia, plus fireworks)

        https://kabelmast.wordpress.com/2013/10/23/badbios-and-lotsa-paranoia-plus-fireworks/ [wordpress.com]

        =

        - Air-Gap-Breaching BIOS Rootkits with SDRs Inside (and smartphones, Snowden, NSA, Wikileaks)

        "A little while back I covered a paper on FPGAs that could turn themselves into SDRs. I suspected this would be one way to breach an air gap.

        It seems I was right on the money. If a little behind the times.

        Researchers have found an incredibly persistent BIOS rootkit in the wild that includes SDR functionality... literally turning your computer into a radio transmitter to exfiltrate data even if you're not connected to the Internet." [..]

        "The researchers were using a new tool, Copernicus, which sadly seems to be Windows-only. Nevertheless a number of you might be interested in checking it out.

        There is one enduring mystery of this rootkit... how does it survive BIOS reflashes?" [..]

        https://kabelmast.wordpress.com/2013/10/11/air-gap-breaching-bios-rootkits-with-sdrs-inside-and-smartphones-snowden-nsa-wikileaks/ [wordpress.com]

        https://twitter.com/dragosr/status/388511686744764416 [twitter.com]

        - IMHO Copernicus is the most important security tool in recent history. Already found persistent BIOS malware (survives reflashing) here.

        https://twitter.com/dragosr/status/388512915742937089 [twitter.com]

        - and that's not even the interesting part. Seems to have a BIOS hypervisor, SDR functionality that bridges air gaps, wifi card removed.

        https://twitter.com/dragosr/status/388521551693217792 [twitter.com]

        - Copernicus BIOS verification. Also if tool is mysteriously failing or weird output full of FFs you may have problem. http://goo.gl/AHLwbD [goo.gl]

        https://twitter.com/dragosr/status/388534580493287424 [twitter.com]

        - This particular BIOS persistent malware sample seems use TLS encrypted DHCP HostOptions as a command and control.

        https://twitter.com/dragosr/status/388535672828485632 [twitter.com]

        - this sample was on a Dell Alienware, but we have verified infected Thinkpads and Sonys too. Potentially MacBooks, unverified.

        https://twitter.com/dragosr/status/388632113496350721 [twitter.com]

        - Infected BIOS really dislikes to boot from external devices, almost always goes to internal disk, regardless of settings.

        https://twitter.com/dragosr/status/388702180590354433 [twitter.com]

        - Infected BIOS: back channel is via odd fixed length NetBIOS DNS lookups & blocks of IPv6 DNS lookups, even on machines with V6 sw disabled.

        https://twitter.com/dragosr/status/388695497134731265 [twitter.com]

        - Infected BIOS: can rule out disk drive firmware, using new drives fresh from foilpack, @ioerror - expensive tests to run, ouch.

        http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about [mitre.org]

        "Copernicus dumps the BIOS so inspection (such as comparing against a clean copy) is possible, and also checks the status of the configuration to determine if the BIOS can be modified.

        How does it work? The tool is implemented as a kernel driver that creates a file containing the BIOS dump and a file containing the raw configuration information. When deployed in enterprise environments, scripts can send the raw BIOS dump and configuration information to a server for post-processing. This processing can indicate whether a given BIOS differs from an expected baseline, and it can also indicate whether the BIOS or the computer's System Management RAM (where some code loaded by BIOS continues running after boot)."

        =

        - Persistent BIOS malware with hypervisor and SDR found

        http://www.wilderssecurity.com/showthread.php?t=354463 [wilderssecurity.com]

        =

        - [Cryptography] programable computers inside our computers

        Quoting Viktor Dukhovni (2013-10-22 06:50:38)
        > I am much more concerned about the proliferation of miniature programmable
        > computers inside our computers (CPUs and programmable firmware in disk
        > controllers, battery controllers, BMC controllers, with opaque binary firmware
        > update blobs, and complex supply chains) that about secp256r1 vs secp521r1.
        >
        > We thought embedded devices were for physical infrastructure
        > engineers to worry about, but now they are proliferating inside
        > our general purpose computers. The next Stuxnet will run on one
        > of the invisible computers inside your computer.

        http://www.metzdowd.com/pipermail/cryptography/2013-October/018380.html [metzdowd.com]

        =

        Researcher discovers mysterious BIOS malware [Translated]

        Friday, October 11th, 2013, 14:53 by Editorial

        "A security researcher has discovered mysterious malware hiding in the BIOS of several laptops. The BIOS (Basic Input / Output System) is a set of basic instructions for communication between the operating system and the hardware.

        It is essential for the operation of the computer, and is also the first major piece of software to run at start-up. An attack on the BIOS may have far-reaching consequences and is difficult to detect, for example by a virus on the desktop.

        Researcher Dragos Ruiu, creator of the well-known Pwn2Own hacking competitions, reports via Twitter that he has discovered persistent BIOS malware that can survive flashing the BIOS. In addition, the malware has a BIOS hypervisor, also called a virtual machine monitor (VMM), in which a virtual machine runs, and Software Defined Radio (SDR) functionality to 'bridge air gaps'.

        SDR is a radio communication system in which components that are normally implemented in hardware (for example mixers, filters and amplifiers) are instead implemented in software on a computer. A basic SDR system can consist of a computer with a sound card or other analog-to-digital converter, preceded by some form of RF front end.

        Air gap

        An air gap is a computer that is not connected to the internet. Recently, security guru Bruce Schneier even let it be known that he uses an air gap for the documents of whistleblower Edward Snowden, which he is also examining, with a computer that has never been connected to the internet. By means of the SDR, attackers would be able to communicate with the machine in this way as well.

        The malware was discovered with the Copernicus tool, which dumps the contents of the BIOS so that the dump can then be examined. Ruiu states that, in light of the discovery of the BIOS malware, Copernicus is already the most important tool of recent times.
        Laptops

        The researcher reports that the BIOS malware has been found on a Dell Alienware, Thinkpads and Sony laptops. MacBooks may also have become infected, but this has not been confirmed. The malware uses DHCP options for encrypted communication. From the tweets it appears that the investigation into the malware is still in progress. Security.NL has asked Ruiu for more information. As soon as more details are known, we will let you know."

        https://www.security.nl/posting/366329/Onderzoeker+ontdekt+mysterieuze+BIOS-malware [security.nl]

        =

        - New Bios Malware

        http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2998 [kernelmode.info]

        =

        eof
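The Copernicus description quoted in the comment above (dump the BIOS, compare it against an expected baseline, and check whether the configuration allows the BIOS to be modified) is the kind of post-processing a practitioner ends up scripting. The following is an added example, not MITRE's Copernicus code and not part of the thread: it diffs a constructed dump against a constructed baseline block by block, flags a dump that reads back as mostly 0xFF (the failure mode one of the quoted tweets warns about), and decodes flash write-protection bits. The BIOS_CNTL bit layout (BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5) is assumed from Intel PCH documentation and should be checked against your chipset datasheet; the baseline image, the patched block and the register value are all constructed inputs.

```python
"""
Added example (not MITRE's Copernicus code): post-process a BIOS dump the way
the quoted MITRE text describes it. Diff the dump against an expected baseline
at flash-block granularity, and decode the write-protection configuration to
decide whether the BIOS could have been rewritten from the OS.

Assumptions (not from the original page):
  - baseline and dump are raw flash images of equal size; here they are
    constructed in build_sample() rather than read from a machine.
  - lock bits follow the Intel PCH BIOS_CNTL layout: bit0 BIOSWE (write
    enable), bit1 BLE (lock enable: setting BIOSWE raises an SMI), bit5
    SMM_BWP (only SMM may write flash). Check your chipset datasheet.
"""
import hashlib
import random
from dataclasses import dataclass

BLOCK_SIZE = 4096  # flash is erased/written in 4 KiB blocks; report at that granularity

BIOSWE = 1 << 0
BLE = 1 << 1
SMM_BWP = 1 << 5


@dataclass(frozen=True)
class BlockDiff:
    index: int
    offset: int
    baseline_sha256: str
    dump_sha256: str


def diff_dump(baseline: bytes, dump: bytes) -> list[BlockDiff]:
    """Return the blocks whose contents differ from the baseline.

    A size mismatch is an error rather than a silent truncation: a short or
    oversized dump is itself a finding (the tool failed, or the image is not
    the one the baseline was taken from).
    """
    if len(baseline) != len(dump):
        raise ValueError(f"size mismatch: baseline={len(baseline)} dump={len(dump)}")
    diffs = []
    for off in range(0, len(baseline), BLOCK_SIZE):
        b, d = baseline[off:off + BLOCK_SIZE], dump[off:off + BLOCK_SIZE]
        if b != d:
            diffs.append(BlockDiff(off // BLOCK_SIZE, off,
                                   hashlib.sha256(b).hexdigest(),
                                   hashlib.sha256(d).hexdigest()))
    return diffs


def suspicious_fill(dump: bytes, threshold: float = 0.9) -> bool:
    """Unreadable flash reads back as 0xFF; a dump that is mostly 0xFF most
    likely means the read failed, not that the BIOS is empty."""
    return dump.count(0xFF) / max(len(dump), 1) >= threshold


def bios_writable_from_os(bios_cntl: int) -> tuple[bool, str]:
    """Decide from the (assumed) BIOS_CNTL bits whether ring-0 code could
    rewrite flash. Protected only when BIOSWE is clear, BLE is set and
    SMM_BWP is set; without SMM_BWP the protection rests on the SMI handler
    re-clearing BIOSWE, which has been bypassed by racing it."""
    if bios_cntl & BIOSWE:
        return True, "BIOSWE set: flash is writable right now"
    if not bios_cntl & BLE:
        return True, "BLE clear: any ring-0 code can set BIOSWE and write flash"
    if not bios_cntl & SMM_BWP:
        return True, "BLE set but SMM_BWP clear: protection depends on the SMI handler and can be raced"
    return False, "BIOSWE clear, BLE set, SMM_BWP set: flash is write-protected outside SMM"


def build_sample() -> tuple[bytes, bytes]:
    """Constructed input: a 64 KiB pseudo-random 'baseline' and a copy with
    16 bytes of block 5 overwritten, standing in for a modified BIOS module."""
    rng = random.Random(1)  # deterministic filler, not a cryptographic source
    baseline = bytes(rng.randrange(256) for _ in range(16 * BLOCK_SIZE))
    patched = bytearray(baseline)
    start = 5 * BLOCK_SIZE + 100
    patched[start:start + 16] = b"\x90" * 16
    return baseline, bytes(patched)


def analyze(baseline: bytes, dump: bytes, bios_cntl: int) -> dict:
    """Combine the three checks into one report dict."""
    writable, why = bios_writable_from_os(bios_cntl)
    return {
        "failed_read": suspicious_fill(dump),
        "changed_blocks": [d.index for d in diff_dump(baseline, dump)],
        "writable_from_os": writable,
        "lock_status": why,
    }


if __name__ == "__main__":
    baseline, dump = build_sample()
    print(analyze(baseline, dump, bios_cntl=BLE))  # locked, but no SMM_BWP
```

Run it stand-alone to see the report for the constructed images; in practice the baseline would be a dump taken from a known-good unit of the same model and BIOS version, and a changed block is a lead to inspect (UEFI volume parsing, known-module hashes), not proof of an implant on its own.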

Even satellite can be hacked (3, Informative)

Taco Cowboy (5327) | about 7 months ago | (#45931155)

In the 1990's a communication satellite belonging to China was hacked and the hackers (rumored to be a state-sponsored hacker group) changed the tee vee channels on that satellite to carry anti CCP programs.

Almost 20 years have passed and nobody has claimed responsibility for that incident, but it is believed that the hacker group was sponsored by some state (nation), because it does take quite a bit more ooomph in terms of beaming power in order to hack into a satellite orbiting the Earth.

As for that particular Chinese communication satellite, China tried to "unhack" that bird but failed. So China took the "Plan B" route - they junked that bird, shut everything on that satellite down and now it's floating up there doing nothing.

Re:Even satellite can be hacked (0)

Anonymous Coward | about 7 months ago | (#45931401)

There ya go, reply to a troll to get your post up near the top! Yeah, no one would ever notice that.

Re:Even satellite can be hacked (0)

Anonymous Coward | about 7 months ago | (#45931489)

There ya go, reply to a troll to get your post up near the top! Yeah, no one would ever notice that.

Even Slashdot can be hacked

Wow (1)

Anonymous Coward | about 7 months ago | (#45931101)

The 'hacking' fud is getting thick lately...

Re:Wow (0)

Anonymous Coward | about 6 months ago | (#45937237)

Exactly my thoughts ..

We'll see (2, Interesting)

Anonymous Coward | about 7 months ago | (#45931111)

I have a hard time taking anything with the word "cyber" seriously.

Re:We'll see (5, Funny)

JustOK (667959) | about 7 months ago | (#45931179)

Offenders should be sent to Cyberia

Re:We'll see (5, Funny)

Anonymous Coward | about 7 months ago | (#45931265)

to the Googlags

Re:We'll see (1)

JustOK (667959) | about 7 months ago | (#45931455)

BING!

Re:We'll see (1)

davester666 (731373) | about 6 months ago | (#45933211)

Yahoo! Finally some clear thinking.

Re:We'll see (0)

Anonymous Coward | about 6 months ago | (#45935447)

Great - you guys are out of search engines.

Alta la Vista, bad puns.

Re:We'll see (1)

foobar bazbot (3352433) | about 6 months ago | (#45938501)

Mind if I join this Dogpile?

Re:We'll see (0)

Anonymous Coward | about 6 months ago | (#45948439)

walkimus

Re:We'll see (1)

VortexCortex (1117377) | about 7 months ago | (#45931501)

Offenders should be sent to Cyberia

I whole heartedly agree... Hell, just 30 minutes of that would be punishment enough. [youtube.com]

Re:We'll see (2)

rmdingler (1955220) | about 7 months ago | (#45931543)

Heh heh. Nice.

Perhaps this is a model we've seen before.

As each exploit breaches a security vulnerability, the patch makes the security a little better, rinse, repeat... and then before you know it, some headless bureaucrat insists on security considerations as an important development consideration.

It has been described as an arms race by folks smarter than me, and that means it's a scenario that doesn't suck for future IT employment,

Re: We'll see (0)

Anonymous Coward | about 7 months ago | (#45931583)

Hook them up with some Accella and watch them blow their brains out.

Competition. (2, Insightful)

Anonymous Coward | about 7 months ago | (#45931141)

I don't take computer security seriously any more. Everything's an arms race where the only way to win is not to be important enough for anyone to want to make an effort against you.

If we had a culture based on cooperation rather than competition, we wouldn't have everyone taught and therefore trying to get one up on everyone else.

It's been hundreds of years since humanity has established new societies based on cooperation (no, Marxism-Leninism is nothing of the sort). Let's stop lazily thinking of ourselves and try again, if we're intelligent enough.

Re:Competition. (1)

peragrin (659227) | about 7 months ago | (#45931303)

cooperation only works if you are not greedy or jealous.

computer security needs to be thought of in the beginning. and it never really has been.

from the protocols on up. security has generally been the last thought of computer programmers.

Re:Competition. (0)

Anonymous Coward | about 7 months ago | (#45932675)

I don't take computer security seriously any more. Everything's an arms race where the only way to win is not to be important enough for anyone to want to make an effort against you.

Maybe this explains Stallman's ongoing campaign to make GNU software as unappealing as possible to the general public: by evangelizing that "free as in freedom" is what's really important, not "free as in beer", and by insisting that Linux be called "the GNU/Linux" system, he's actually just implementing a convoluted security strategy.

Skeptical. (1)

vikingpower (768921) | about 7 months ago | (#45931165)

Although I nearly daily read papers from almost any university in the world, I had never heard of Bond "university". Which Bond is this - James Bond ?

On a more serious note, though: "IntelCrawler" does not ring a bell, either. The only somewhat creditworthy title being cited is csmonitor. For the moment I am writing TFA off as hype-generation and FUD. I would love to be proved wrong, however.

Re:Skeptical. (-1)

Anonymous Coward | about 7 months ago | (#45931195)

Man, your bayerhole is so juicy! I can't wait to sink my fetid cock into that rectum-lickin' good rancid asshole of you ares! Wow, you've even prepared a feces surprise for my eager little friend...! What say you?

Re:Skeptical. (0)

Anonymous Coward | about 7 months ago | (#45931201)

Although I nearly daily read papers from almost any university in the world, I had never heard of Bond "university". Which Bond is this - James Bond ?

Re:Skeptical. (1)

maxwell demon (590494) | about 7 months ago | (#45931329)

Maybe they refer to this Bond? [wikipedia.org]

Re:Skeptical. (0)

Anonymous Coward | about 7 months ago | (#45931337)

No, that would be Alan Bond, who like James is interested in expensive yachts and diamonds, but unlike James was put into prison because he (allegedly) likes to manipulate shareholders and business partners instead of women.

Re:Skeptical. (1)

dbIII (701233) | about 7 months ago | (#45931619)

Which Bond is this - James Bond

Alan Bond initially put up the finance for that private University. It's probably the third biggest University in the state of Queensland and has a decent reputation in CS. Being located in a city built around tourism it attracts a few conferences.

As for the person it was named after - somehow Alan Bond managed to go broke selling beer to Australians.

... are at high risk of being hacked... (0)

Anonymous Coward | about 7 months ago | (#45931167)

Fucking NSA.

No surprise (3, Insightful)

Anonymous Coward | about 7 months ago | (#45931219)

All software is shit, all hardware too. We've long abandoned a development model that is focused on correctness. It has been features, features, features for decades. So what do you expect? Of course everything's ripe to be hacked. We had a choice.

Re:No surprise (2, Insightful)

Anonymous Coward | about 7 months ago | (#45931377)

"Abandoned" implies that this used to exist. Look at FTP, horrifically complex protocol that handles a lot of what we use load balancers to do today with zero security. The good old days weren't quite as good as we remember them to be.

Re:No surprise (2)

toshikodo (2976757) | about 7 months ago | (#45931417)

I disagree, we never had a choice to do anything other than build these systems with their bugs. I know because I was there back in the dawn of remote digital telemetry systems. We had enough issues with just getting the stuff out of the door on time and to budget (and usually failed on both counts). Development models such as UML and quality standards like ISO9001 just didn't exist back then.

We were pioneers, not engineers.

The real problem here is with the CEOs of the corporations that use this old tech. They won't do anything about it until they are forced to, either because some hacker causes the sort of damage that results in multi-million dollar lawsuits, or (and this is much less likely) the legislators force them to do something about it.

Re:No surprise (3, Insightful)

KingOfBLASH (620432) | about 7 months ago | (#45931557)

Most locks can be picked with a lock pick

Many cars can be compromised with a screwdriver and thin piece of metal to open them.

Many anti-shoplifting devices can be disabled if you know how.

The list goes on.

True security costs money and effort. A LOT of it.

For most applications, as a society, we err on the side of too little security (and accept the small chance that security will be compromised, because it's not an issue).

This is because, historically, security issues have been quite local. People don't steal enough in most neighborhoods to justify putting bars on your windows. People don't shoplift enough to justify a full cavity search of anyone entering or exiting a department store.

Technology is of course changing all of that. Before, if we know there is a 1 in a million chance of a bad guy in the population, most small communities were not afraid. Now, it is possible for a single determined hacker to do all kinds of crazy things. That's where people have not caught up, and in the future we will have to start making choices with regards to whether we want to expend the resources for true security. And we might do it if there are enough incidents to justify it -- but perhaps not before.

Re:No surprise (0)

Anonymous Coward | about 7 months ago | (#45932725)

A banal, foul statement like this is deemed "Insightful" here? Maybe that's because it wasn't Interesting or Funny. Just a theory.

Sat tracking (2)

spacefight (577141) | about 7 months ago | (#45931221)

And nowadays we know that sat tracking is easy these days thanks to various free and open software/hardware around.

If you can spare some minutes on a lazy Sunday, watch Travis Goodspeeds Talk on 30C3 from a couple of weeks ago.

http://www.youtube.com/watch?v=ktnQ7nBCuqU [youtube.com]

Re:Sat tracking (1)

megabeck42 (45659) | about 7 months ago | (#45931399)

Can't you just download the keplerian elements from NORAD and use gpredict? Actually, doesn't gpredict automate that for you? I don't think you need any special hardware, just an accurate clock.
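As an added example that is not part of the comment above and is not gpredict's code: the "Keplerian elements from NORAD" are distributed as two-line element sets, and each line carries a modulo-10 checksum. The parser below verifies that checksum (so a corrupted or hand-edited line is rejected instead of silently producing a wrong pass prediction), extracts the catalog number, epoch and orbital elements, and derives the orbital period and the age of the elements. The ISS element set embedded in it is the well-known sample in the standard format (epoch 2008), used here only as input.

```python
"""
Added example (not from the thread, not gpredict code): parse and validate a
two-line element set (TLE) as published by NORAD/CelesTrak.

Column positions follow the fixed-width TLE format; the sample lines are the
widely circulated ISS element set, embedded here as input.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Tle:
    catalog_number: int
    epoch: datetime
    inclination_deg: float
    raan_deg: float
    eccentricity: float
    mean_motion_rev_per_day: float

    @property
    def period_minutes(self) -> float:
        return 1440.0 / self.mean_motion_rev_per_day


def tle_checksum(line: str) -> int:
    """Modulo-10 checksum over columns 1-68: digits add their value, a minus
    sign adds 1, everything else adds 0. Column 69 holds the expected value."""
    total = 0
    for ch in line[:68]:
        if ch.isdigit():
            total += int(ch)
        elif ch == "-":
            total += 1
    return total % 10


def _check_line(line: str, expected_number: str) -> None:
    if len(line) != 69:
        raise ValueError(f"line {expected_number}: expected 69 columns, got {len(line)}")
    if line[0] != expected_number:
        raise ValueError(f"expected line {expected_number}, got {line[0]!r}")
    if not line[68].isdigit() or int(line[68]) != tle_checksum(line):
        raise ValueError(f"line {expected_number}: checksum mismatch")


def _parse_epoch(field: str) -> datetime:
    # Two-digit year: 57-99 means 1957-1999, 00-56 means 2000-2056.
    yy = int(field[:2])
    year = 1900 + yy if yy >= 57 else 2000 + yy
    day_of_year = float(field[2:])  # 1-based, with fractional day
    return datetime(year, 1, 1, tzinfo=timezone.utc) + timedelta(days=day_of_year - 1)


def parse_tle(line1: str, line2: str) -> Tle:
    """Validate both lines and extract the fields a tracker needs."""
    _check_line(line1, "1")
    _check_line(line2, "2")
    if line1[2:7] != line2[2:7]:
        raise ValueError("catalog numbers differ between lines")
    return Tle(
        catalog_number=int(line1[2:7]),
        epoch=_parse_epoch(line1[18:32]),
        inclination_deg=float(line2[8:16]),
        raan_deg=float(line2[17:25]),
        eccentricity=float("0." + line2[26:33]),  # decimal point is implied
        mean_motion_rev_per_day=float(line2[52:63]),
    )


def element_age_days(tle: Tle, now: datetime) -> float:
    """Age of the elements. Stale elements drift, so for a tracker this matters
    at least as much as the accuracy of the local clock."""
    return (now - tle.epoch).total_seconds() / 86400.0


# Sample input: the widely circulated ISS element set (NORAD 25544, epoch 2008).
SAMPLE_LINE1 = "1 25544U 98067A   08264.51782528 -.00002182  00000-0 -11606-4 0  2927"
SAMPLE_LINE2 = "2 25544  51.6416 247.4627 0006703 130.5360 325.0288 15.72125391563537"

if __name__ == "__main__":
    tle = parse_tle(SAMPLE_LINE1, SAMPLE_LINE2)
    print(tle)
    print(f"period: {tle.period_minutes:.1f} min")
    print(f"age: {element_age_days(tle, datetime.now(timezone.utc)):.0f} days")
```

The checksum is a transport-integrity check, not authentication: it catches a mangled line, not a substituted one, so element sets should still be fetched over an authenticated channel from a source you trust.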

Re:Sat tracking (1)

spacefight (577141) | about 7 months ago | (#45932237)

I think if you want to track them a bit more conveniently, you need a motorized dish.

CRACKING... (0)

Anonymous Coward | about 7 months ago | (#45931227)

!= Hacking, /.

Re:CRACKING... (1, Insightful)

Sinus0idal (546109) | about 7 months ago | (#45931259)

Sorry but these days it does, that battle is lost. The common lexicon doesn't wait around for the old school.

Misleading headline. (1)

140Mandak262Jamuna (970587) | about 7 months ago | (#45931487)

The headline is strangely construed to convey a false sense of security that large satellite dish systems are not ripe for hacking. All systems are no stronger than their weakest (back) door.

captain midnight hacked HBO years ago (2)

Joe_Dragon (2206452) | about 7 months ago | (#45932521)

GOODEVENING HBO
FROM CAPTAIN MIDNIGHT
$12.95/MONTH ?
NO WAY !
  [SHOWTIME/MOVIE CHANNEL BEWARE!]
       

Re:captain midnight hacked HBO years ago (0)

Anonymous Coward | about 6 months ago | (#45936023)

No, I'm pretty sure it was the reverse: the cable companies are the ones who got free satellite shut down back in the 70s because it was cutting in on the profits and people were just running their own rigs, point blank, in the clear. If you're really dedicated you can still pull video only through VideoCipher II and audio via an F card emulator, and if you have some form of video accumulation device you can sync the two and have some hodge-podge-ass hack system still. Now that I've said that, I'm sure Direct and Dish will go on a sue-a-thon like they did back in the late 90s.

IP addresses for the open sites (1)

netwiz (33291) | about 6 months ago | (#45932957)

Anyone notice that the "hidden" or blanked-out addresses were still listed in clear text just below the erased entries, albeit in slightly smaller text? Best part is they still let you see the protocol types the sites responded to. Telnet for the win, are they serious?

Residential dishes? (1)

antdude (79039) | about 6 months ago | (#45934609)

Are you saying we can hack our residential TV dishes like from Dish, DirecTV, etc.?

You won't get hacked running Hughesnet (0)

Anonymous Coward | about 6 months ago | (#45935901)

If a hacker gets into a box on a Hughesnet, He'll notice the 1200 millisecond ping times and 64 Kbps upstream bandwidth and say "Ewww! Hughesnet!" then promptly logout and never return again.

More susceptible to DDoS attacks? No. (1)

kriston (7886) | about 6 months ago | (#45944103)

Aside from the attack in the article, one might think that VSAT terminals are much more susceptible to DDoS attacks because of their limited bandwidth and the carrier's Fair Access Policy. One might assume that pretty much anyone who wanted to could just send data to the IP address of one and the FAP will restrict the throughput.

The thing is, the commercial VSAT providers have already thought of this. Each terminal is on a private network behind a NAT already, even if you're not using the software proxy accelerator. Incidentally, modern terminals already have the network accelerator built into the VSAT modem, but regardless of this most VSAT terminals are on private networks and can't be reached directly.

Back to the article, the uplink exploit is well-known and several decades old, as another poster reminds us of the 1980 Captain Midnight incident. Even in this case, the best you can do is deny service, and you'll eventually be caught doing it.

At the earth station you're not going to be stealing any data, as it's encrypted on the way down and you're not going to be breaking into the facility.

You're not likely to find them by scanning networks, either, as mentioned earlier most VSAT terminals are on private networks. Even if you were to reach the terminal directly the management port isn't reachable from the outside world, just the private network of the VSAT operator.

The article is an interesting bit of speculation, and has the obligatory mentions of Afghanistan, SCADA, and the SHODAN search engine.
