IOActive Researcher Ruben Santamarta discusses major vulnerabilities discovered in SATCOM equipment; Researcher Josep Rodriguez discloses security flaws in Extreme Networks WingOS, used in millions of devices globally
IOActive, Inc., a global research-driven security services, las week announced two new research papers presented at the Black Hat Las Vegas and DEF CON 26. Ruben Santamarta, Principal Security Consultant, presented his Black Hat talk “Last Call for SATCOM Security” and Josep Pi Rodriguez, Senior Security Consultant, presented his DEF CON talk, “Breaking Extreme Networks WingOS: How to Own Millions of Devices Running on Aircrafts, Government, Smart Cities and More”.
“Even though they are two unique bodies of research, both Ruben and Josep’s talks address supply chain risks that underscore the importance of why we must prioritise security for mission critical networks that many vital industries, including aviation and transportation, rely upon,” said Jennifer Steffens, CEO of IOActive. “As we celebrate our 20th anniversary this year, IOActive’s commitment has never been stronger in helping vendors find and fix major vulnerabilities like these ones. Our mission is and always has been to improve security overall and make the world a safer place.”
Santamarta’s research builds on his 2014 findings, describing theoretical scenarios that could result from the weak security posture of satellite communications products. Four years later, Santamarta’s Black Hat research reveals how hundreds of in-flight aircraft, military bases and maritime vessels are accessible through vulnerable SATCOM infrastructure.
IOActive’s team worked with the aviation industry, in conjunction with the Aviation Information Sharing and Analysis Center (A-ISAC), to ensure that the potential risks identified but couldn’t be tested were satisfactorily addressed. In addition, they confirmed that no critical flight operation systems were affected.
“The consequences of these vulnerabilities are shocking. Essentially, the theoretical cases I developed four years ago are no longer theoretical,” said Santamarta. “To my knowledge, my Black Hat talk is the first public demonstration of taking control, from the ground and through the Internet, of SATCOM equipment running on an actual aircraft.”
Santamarta tested additional devices in his latest research and examined attacks using SATCOM antennas, finding that several of the largest airlines in the U.S. and Europe had their entire fleets accessible from the Internet with hundreds of connections exposed. Maritime vessels around the world could also be placed at risk to attackers, as their SATCOM antennas could be used to expose the crew to RF radiation. Ultimately, this turns SATCOM devices into tools to cause radiation hazards and disruptive RF transmissions.
In related research, Rodriguez’s DEF CON presentation will highlight several critical vulnerabilities he found in Extreme Networks embedded WingOS, which was originally created by Motorola. This operating system is used globally in millions of Motorola, Zebra and Extreme Networks devices.
“This research actually started with a focus on an access point widely used in many aircrafts in worldwide airlines,” Rodriguez said. “As time went by, we realized this embedded operating system is not only used in access points for aircrafts, but also in healthcare, government, transportation, smart cities, small to big enterprises and more.”
To learn more about Santamarta’s research, please download his white paper.
To learn more about Rodriguez’s research, please read his blog.
Image courtesy: Enisa