Globalstar location-tracking network vulnerable to hacking – researcher

  • -

Globalstar location-tracking network vulnerable to hacking – researcher

Category : CyberSecurity

Location-tracking devices that communicate with a major satellite network operated by Globalstar Inc can have their transmissions intercepted or mimicked with false data, a U.S. security researcher said on Thursday.

Globalstar, of Covington, Louisiana, has sold hundreds of thousands or millions of the devices, which are widely used for tracking valuable shipments and assets.

The problem is that unlike Globalstar’s satellite phone services, data from the devices is not encrypted in transit, said Synack Inc researcher Colby Moore, who will present his findings at next week’s Black Hat security conference in Las Vegas.

Instead, the system changes frequencies and transmits a great deal of inconsequential data that can be discarded once an attacker figures out the methods involved, as Moore did.

Such systems “are kind of fundamentally broken from the get-go,” Moore said in a phone interview. “I ended up figuring out how to decode the data in transit.” In addition, the system does not make sure that the data is coming from the place it claims.

The flaw is an architectural issue that Moore said would be hard or impossible to patch. New software could be written to encrypt the traffic in future devices, but the technology is already embedded inside popular hardware without that functionality and no clear way to install it.

Article: Reuters


About Author

Tamara Eikelenboom-Kamp

Tamara Eikelenboom-Kamp

Tamara Eikelenboom-Kamp is managing director at Innovice-IT. She is mainly publishing about CyberSecurity. She is working with several specialists based on their knowledge and skills in cyber-security and cyber-safety. The emphasis is on conceptual thinking, developing plans, innovative software or innovative methods. The main activities of Innovice-IT are Cyber Security Consulting, Penetration Testing and Secure Managed Hosting.

Search

Innovice-IT on Twitter

  1. Bas Eikelenboom
    Bas Eikelenboom: RT @InfoSecHotSpot: Unfilled cybersecurity jobs are expected to reach 1.8 million by 2022, up 20 percent from 1.5 million in 2015, accordin…

  2. Bas Eikelenboom

  3. Bas Eikelenboom
    Bas Eikelenboom: RT @RidT: A few observations on today's "online escalation" New York Times story. I see lots of people making assumptions and jumping to co…

  4. Bas Eikelenboom
    Bas Eikelenboom: RT @bellingcat: Bellingcat's @Timmi_Allen put together the following video demonstrating how various images of the Kokuka Courageous match…

  5. Bas Eikelenboom
    Bas Eikelenboom: RT @InfoSecHotSpot: AI and 5G will create an explosion in cybersecurity risks, says FBI agent and general counsel at $50 billion firm https…

Archive

Categories